| OSVDB ID | Description | Disclosure Date | Title |
|---|---|---|---|
| 56947 | Unknown / Incomplete | 2007-07-20 | Hart InterCivic Rally / Tally Certificate Manipulation Weakness |
| 56937 | Unknown / Incomplete | 2007-07-20 | Hart InterCivic Rally / Tally Malformed MBB File Handling DoS |
| 56941 | Unknown / Incomplete | 2007-07-20 | Hart InterCivic Rally Unpassworded Modem Access Local Network Address Assignment |
| 56936 | Unknown / Incomplete | 2007-07-20 | Hart InterCivic SERVO Audit Log Backup Remote Heap Overflow |
| 56935 | Unknown / Incomplete | 2007-07-20 | Hart InterCivic SERVO FILE_CMD_GET eScan Firmware Verification Routine Remote Overflow |
| 56934 | Unknown / Incomplete | 2007-07-20 | Hart InterCivic SERVO Multiple Unspecified Remote Overflows |
| 56939 | Unknown / Incomplete | 2007-07-20 | Hart InterCivic Tally Administrator Interface adjust votes Feature Vote Count Manipulation |
| 58541 | Hart InterCivic contains a flaw related to how Tally silently rejects votes from an MBB (Mobile Ballot Box) listed as already tallied. The issue is triggered when an attacker with access to an MBB (or possibly the Tally database) ensures that it is tallied before an election, but still used during the election. This may allow an attacker to silently prevent all votes from a precinct from being counted. | 2007-12-07 | Hart InterCivic Tally Counted MBB Vote Count DoS |
| 58535 | Hart InterCivic contains a flaw related to the internal Tally database and how votes are recorded from MBBs (Mobile Ballot Box) based on a list of "tallied" cards with their unique IDs. The issue is triggered when an attacker either inserts new entries with MBB IDs into the Tally database or provides forged MBBs to Tally. This may allow an attacker to prevent tallying of votes from legitimate MBBs. | 2007-12-07 | Hart InterCivic Tally Multiple Method MBB Manipulation Vote Count DoS |
| 56948 | Unknown / Incomplete | 2007-07-20 | Hart InterCivic Voting Suite Multiple Unspecified Format Strings |
| 56949 | Unknown / Incomplete | 2007-07-20 | Hart InterCivic Voting Suite Multiple Unspecified Integer Overflows |
| 20447 | WindWeb Web Server contains a flaw that may allow a remote denial of service. The issue is triggered when requesting a specially crafted URL with many directory traversal characters, and will result in loss of availability for the service. | 2005-10-27 | Hasbani WindWeb Integrated Web Server Malformed GET Request DoS |
| 11305 | Haserl contains a flaw that may allow a malicious user to change environment variables. The issue is due to all input parameters being set as environment variables. It is possible that the flaw may allow manipulation of critical environment variables resulting in a loss of integrity. | 2004-10-27 | haserl Arbitrary Environment Variable Manipulation |
| 26865 | (Description Provided by CVE) : Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries. | 2006-03-24 | Hashcash array_push Function Overflow |
| 27424 | (Description Provided by CVE) : PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 2006-07-12 | Hashcash for Joomla! (com_hashcash) server.php mosConfig_absolute_path Parameter Remote File Inclusion |
| 14566 | HashCash contains a flaw that may allow a malicious user to execute arbitrary code. The issue is due to a format string flaw in the way HashCash handles the "From:" email header. It is possible that the flaw may allow remote system access resulting in a loss of confidentiality, integrity, and/or availability. | 2005-03-06 | Hashcash Malformed Reply Address Format String |
| 83354 | Hashcash Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input passed via an invalid token before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-06-27 | Hashcash Module for Drupal Invalid Token XSS |
| 89440 | Haskell tls-extra contains a flaw that is due to the program failing to verify SSL certificates. This may allow a remote attacker to spoof a valid server and conduct a man-in-the-middle attack. | 2013-01-20 | Haskell tls-extra SSL Certificate Validation Spoofing Weakness |
| 635 | (Description Provided by CVE) : shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. | 2001-09-08 | Hassan Consulting shop.pl page Parameter Arbitrary Command Execution |
| 1596 | Hassan Shop Cart contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "shop.cgi" not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "page" variable. | 2000-10-07 | Hassan Shopping Cart shop.cgi Arbitrary File Access |
| 61562 | Hasta Blog contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the 'blog.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2009-12-28 | Hasta Blog blog.php id Parameter XSS |
| 61349 | Hasta Blog contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the 'yorumyaz.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2009-12-28 | Hasta Blog yorumyaz.php id Parameter XSS |
| 9131 | Hastymail contains a flaw that allows a remote cross-site scripting attack. The flaw exists because email attachments are not properly defined in the Content-Disposition HTTP header, which will allow Internet Explorer to open them inline. This could allow a user to inject JavaScript or ActiveX code in the attachment that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2004-08-24 | Hastymail Attachment Content-Disposition Header XSS |
| 29564 | (Description Provided by CVE) : CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session. | 2006-10-08 | Hastymail lib/session.php mailbox Name CRLF SMTP Command Injection |
| 32045 | (Description Provided by CVE) : Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct SMTP session. NOTE: this is a different type of issue than CVE-2006-5262. | 2006-10-08 | Hastymail smtp_message Variable CRLF SMTP Command Injection |
| 77331 | (Description Provided by CVE) : Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI. | 2011-11-22 | Hastymail2 /lib/ajax_functions.php Multiple Parameter Remote PHP Code Execution |
| 77351 | Hastymail2 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'rs' parameter upon submission to the /lib/ajax_functions.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-11-22 | Hastymail2 /lib/ajax_functions.php rs Parameter XSS |
| 70482 | Hastymail2 contains a flaw related to a failure to set the secure flag for the session cookie in an HTTPS session. This may allow a remote attacker to capture the cookie by intercepting its transmission over an HTTP session. | 2009-12-06 | Hastymail2 HTTPS Session Cookie Secure Flag Weakness |
| 68331 | Hastymail2 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate TABLE element background attributes upon submission to the 'lib/htmLawed.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-10-04 | Hastymail2 lib/htmLawed.php Background Attributes XSS |
| 84806 | Hastymail2 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because input passed via the subject field of an email message is not properly sanitized before being used in Thread View when using the clean and clean2 templates. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-08-17 | Hastymail2 Thread View Email Message Subject Field XSS |