[CLOSE] OSVDB ID : 17941 - Disclosed: 2005-07-09

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFG_PATH variable.

[CLOSE] OSVDB ID : 11382 - Disclosed: 1998-11-09

Description:

(Description Provided by CVE) : LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.

[CLOSE] OSVDB ID : 11381 - Disclosed: 1998-11-09

Description:

(Description Provided by CVE) : LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.

[CLOSE] OSVDB ID : 16305 - Disclosed: 2005-04-28

Description:

(Description Provided by CVE) : The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.

[CLOSE] OSVDB ID : 40446 - Disclosed: 2008-01-21

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.

[CLOSE] OSVDB ID : 40447 - Disclosed: 2008-01-21

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.

[CLOSE] OSVDB ID : 40448 - Disclosed: 2008-01-21

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.

[CLOSE] OSVDB ID : 18893 - Disclosed: 2005-08-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35479 - Disclosed: 2007-04-06

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.

[CLOSE] OSVDB ID : 36194 - Disclosed: 2007-06-20

Description:

LAN Management System (LMS) contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'lib/language.php' script not properly sanitizing user input supplied to the '_LIB_DIR' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35480 - Disclosed: 2007-04-22

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.

[CLOSE] OSVDB ID : 18892 - Disclosed: 2005-08-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 34423 - Disclosed: 2007-03-22

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php.

[CLOSE] OSVDB ID : 34424 - Disclosed: 2007-03-22

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php.

[CLOSE] OSVDB ID : 37369 - Disclosed: 2007-06-16

Description:

(Description Provided by CVE) : Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors.

[CLOSE] OSVDB ID : 37470 - Disclosed: 2007-08-03

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

[CLOSE] OSVDB ID : 36438 - Disclosed: 2007-08-03

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

[CLOSE] OSVDB ID : 37471 - Disclosed: 2007-08-03

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

[CLOSE] OSVDB ID : 66684 - Disclosed: 2009-08-24

Description:

(Description Provided by CVE) : Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.

[CLOSE] OSVDB ID : 66683 - Disclosed: 2009-08-24

Description:

(Description Provided by CVE) : Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

[CLOSE] OSVDB ID : 26812 - Disclosed: 2006-06-23

Description:

(Description Provided by CVE) : The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."

[CLOSE] OSVDB ID : 13461 - Disclosed: 2005-02-03

Description:

(Description Provided by CVE) : LANChat Pro Revival 1.666c allows remote attackers to cause a denial of service (application crash) via a malformed UDP packet.

[CLOSE] OSVDB ID : 19504 - Disclosed: 2005-09-13

Description:

Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'auth.php' script not properly sanitizing user-supplied input to the 'm' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 11301 - Disclosed: 2004-10-30

Description:

Land Down Under contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "rusername" variable in the auth.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 2943 - Disclosed: 2003-12-10

Description:

Land Down Under website manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when SQL injection attacks occur, which will disclose user information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 6508 - Disclosed: 2004-05-29

Description:

Land Down Under (LDU) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate [img] BBCode tags upon submission to various scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25293 - Disclosed: 2006-04-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 11300 - Disclosed: 2004-10-30

Description:

Land Down Under contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "id" variable in the comments.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 19300 - Disclosed: 2005-08-29

Description:

Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'events.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19301 - Disclosed: 2005-09-05

Description:

Land Down Under (LDU) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input to the 'Description' Field upon submission to the 'events.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.