[CLOSE] OSVDB ID : 51210 - Disclosed: 2008-12-17

Description:

(Description Provided by CVE) : Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.

[CLOSE] OSVDB ID : 49476 - Disclosed: 2008-07-23

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

[CLOSE] OSVDB ID : 40495 - Disclosed: 2007-11-22

Description:

(Description Provided by CVE) : kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.

[CLOSE] OSVDB ID : 35259 - Disclosed: 2007-04-04

Description:

(Description Provided by CVE) : Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter.

[CLOSE] OSVDB ID : 52237 - Disclosed: 2008-08-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 47609 - Disclosed: 2008-08-02

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.

[CLOSE] OSVDB ID : 47606 - Disclosed: 2008-08-02

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action.

[CLOSE] OSVDB ID : 47610 - Disclosed: 2008-08-02

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.

[CLOSE] OSVDB ID : 47608 - Disclosed: 2008-08-02

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.

[CLOSE] OSVDB ID : 47607 - Disclosed: 2008-08-02

Description:

K-Links Platinum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'visit.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 49880 - Disclosed: 2008-09-25

Description:

(Description Provided by CVE) : vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file.

[CLOSE] OSVDB ID : 68784 - Disclosed: 2010-08-04

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 55360 - Disclosed: 2006-04-17

Description:

(Description Provided by CVE) : Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

[CLOSE] OSVDB ID : 62402 - Disclosed: 2009-11-19

Description:

(Description Provided by CVE) : Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

[CLOSE] OSVDB ID : 59026 - Disclosed: 2004-07-08

Description:

K-Meleon web browser contains a flaw that may allow a remote attacker to launch a program from a known location. The issue is triggered when rendering specially-crafted web page using the "shell:" command. This requires the attacker to trick a user into visiting the web page.

[CLOSE] OSVDB ID : 57754 - Disclosed: 2009-08-15

Description:

(Description Provided by CVE) : K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.

[CLOSE] OSVDB ID : 48338 - Disclosed: 2008-08-26

Description:

K-Rate Premium contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'show' parameter (when 'req' is set to 'online') and 'id' and 'image' parameters (when 'act' is set to 'vote'). This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 48342 - Disclosed: 2008-08-26

Description:

K-Rate Premium contains a flaw that may allow an attacker to execute arbitrary PHP code. The issue is triggered due to the 'Manage Templates' script failing to sanitize template data before storing.

[CLOSE] OSVDB ID : 48340 - Disclosed: 2008-08-26

Description:

K-Rate Premium contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'Title' and 'Text' fields upon submission to the 'Post A New Thread' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 48339 - Disclosed: 2008-08-26

Description:

K-Rate Premium contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'Your Message' field upon submission to the 'Post a New Thread' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 48341 - Disclosed: 2008-08-26

Description:

K-Rate Premium contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'Description' field upon submission to the 'Your Pictures' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 21128 - Disclosed: 2005-11-28

Description:

r0t has reported some vulnerabilities in K-Search, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "id", "stat", and "source" parameters in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 1. Input passed to the "term" parameter in "index.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. examples: /index.php?term=%23%25%23term%23%25%23&sm =Mekl%E7t&source=1&req=search /index.php?term=%28%27r0t+checker%27%29&sm =Mekl%E7t&source=1&req=search 2. Input passed to the many parameters in "index.php" isn't properly sanitised before being used in a SQL query (Below examples).This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. examples: /index.php?req=edit&id=[SQL] /index.php?req=view&act=stat_all&stat=[SQL] /index.php?req=view&act=status&id=1&stat=[SQL] /index.php?req=view&act=status&id=[SQL] /index.php?req=delsite&id=[SQL] /index.php?req=search&source=[SQL] 3. Into "/index.php?req=add" , upload image parameters isn't properly sanitised before being used in a SQL query. Attacker can get full instalisation path.

[CLOSE] OSVDB ID : 21127 - Disclosed: 2005-11-28

Description:

K-Search contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id', 'stat' and 'source' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 65806 - Disclosed: 2010-06-22

Description:

K-Search contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'term' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 68182 - Disclosed: 2010-09-11

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 55759 - Disclosed: 2009-06-29

Description:

K2 Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'category' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 68699 - Disclosed: 2010-10-10

Description:

K2Editor is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening certain text files from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

[CLOSE] OSVDB ID : 50764 - Disclosed: 2008-12-09

Description:

(Description Provided by CVE) : K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

[CLOSE] OSVDB ID : 77240 - Disclosed: 2007-01-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 75823 - Disclosed: 2011-01-28

Description:

(Description Provided by CVE) : ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files.