| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 9228 | 2002-08-14 | L-Forum HTML Message Multiple Field XSS | (Description Provided by CVE): Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body. |
| 10113 | 2002-08-13 | L-Forum search.php search Parameter SQL Injection | L-Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'search.php' script not properly sanitizing user-supplied input to the 'search' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 14493 | 2002-08-14 | L-Forum Upload Form Arbitrary File Retrieval | (Description Provided by CVE): L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files. |
| 17112 | 1997-11-14 | L-Soft LISTSERV Mail Command Output Information Disclosure | LISTSERV contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends the "lists" command (and possibly others). The list manager will return mail with valid mail lists, as well as other system information including the CPU type and machine load. This may disclose the remote operating system which can assist an attacker in more focused attacks. |
| 16852 | 2005-05-25 | L-Soft LISTSERV Multiple Unspecified Issues | (Description Provided by CVE): Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available. |
| 11512 | 1994-01-01 | L-Soft LISTSERV SMTP Command Remote Overflow | (Description Provided by CVE): Buffer overflow in listserv allows arbitrary command execution. |
| 3223 | 2003-12-28 | L-Soft LISTSERV WA CGI Script XSS | Unknown / Incomplete |
| 23684 | 2006-03-03 | L-Soft LISTSERV wa.exe Script Multiple Remote Overflow | (Description Provided by CVE): Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603. |
| 84801 | 2012-08-16 | L-Soft LISTSERV WA.exe SHOWTPL Parameter XSS | L-Soft LISTSERV contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because input passed via the 'SHOWTPL' parameter to WA.exe is not properly sanitized before being returned to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 66139 | 2010-07-09 | L-Soft LISTSERV wa.exe T Parameter XSS | LISTSERV contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'T' parameter upon submission to the 'wa.exe' executable. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 1311 | 2000-05-05 | L-Soft LISTSERV Web Archives Buffer Overflow | (Description Provided by CVE): Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands. |
| 1470 | 2000-07-17 | L-Soft LISTSERV Web Archives Long QUERY_STRING Overflow | (Description Provided by CVE): Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string. |
| 915 | 1999-01-06 | L0phtcrack /tmp File Password Exposure | L0phtCrack contains a flaw that may allow a local attacker to obtain password hashes of systems being tested. The issue is due to the program storing information in the /tmp directory, in files accessible to anyone. |
| 67786 | 2010-09-03 | L0phtCrack Path Subversion Arbitrary DLL Injection Code Execution | L0phtCrack is prone to a flaw in the way it loads dynamic-link libraries (e.g. dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an LCS file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 20140 | 2001-11-08 | l2 l2_ch_syslog Unspecified Issue | Unknown / Incomplete |
| 55765 | 2009-01-02 | L2J Server TvT Unspecified Issue | Unknown / Incomplete |
| 6726 | 2004-06-07 | l2tpd control.c write_packet Function Remote Overflow | A remote overflow exists in l2tpd. The l2tpd program fails to check the boundary in the write_packet() function in control.c, resulting in a buffer overflow. By establishing an L2TP tunnel and then sending a specially crafted packet, a remote attacker can overflow a buffer, resulting in a loss of integrity. |
| 55135 | 2003-03-14 | l2tpd Malformed Data Remote DoS | Unknown / Incomplete |
| 5062 | 2004-04-08 | l2tpd Random Number Generator Failure Session Hijacking | (Description Provided by CVE): l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions. |
| 5061 | 2004-04-08 | l2tpd Vendor Field Remote Overflow | (Description Provided by CVE): Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow. |
| 31780 | 2006-12-05 | l2tpns cluster_process_heartbeat Function Remote Overflow DoS | (Description Provided by CVE): Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet. |
| 72348 | 2011-05-11 | La Fonera+ Unspecified Remote DoS | La Fonera+ contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified condition occurs, and will result in loss of availability for the service. |
| 79069 | 2011-06-06 | LA Times for Android / iPhone User Accounts Local Disclosure | Unknown / Incomplete |
| 15918 | 2005-04-20 | LA-MPI SIGCHLD Signal Handling Issue | Unknown / Incomplete |
| 83323 | 2011-11-06 | LabStoRe index.php where_clause Parameter SQL Injection | LabStoRe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 83324 | 2011-11-06 | LabStoRe index_long.php where_clause Parameter SQL Injection | LabStoRe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index_long.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 83322 | 2011-11-07 | LabStoRe index_short.php where_clause Parameter SQL Injection | LabStoRe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index_short.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 7351 | 2003-05-05 | LabVIEW Remote FPGA Device Conflicting IP DoS | Unknown / Incomplete |
| 5119 | 2002-04-19 | LabVIEW Web Server HTTP Get Newline DoS | LabVIEW contains a flaw that may allow a remote denial of service. The issue is triggered when a client sends a malformed HTTP request, using two new line sequences instead of the traditional <CR><LF> combination, and will result in loss of availability for the service. |
| 76933 | 2011-11-09 | LabWiki edit.php userfile Parameter Arbitrary File Upload | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |