| OSVDB ID and Description | Disclosure Date | Title |
| --- | --- | --- |
| 30276. Description: (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter. | 2006-11-09 | LandShop ls.php Multiple Parameter XSS |
| 74178. Description: (Description Provided by CVE): dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call. | 2011-04-18 | language-selector dbus_backend/ls-dbus-backend PolicyKit Check Result Local Access Restriction Bypass |
| 74177. Description: (Description Provided by CVE): dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729. | 2011-04-18 | language-selector dbus_backend/lsd.py Multiple Function Shell Metacharacter Local Privilege Escalation |
| 35287. Description: (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java. | 2007-04-08 | LanguageTool Unspecified XSS |
| 66026. Description: Lanius CMS contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the creation of a new admin user. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. | 2010-07-05 | Lanius CMS Admin User Creation CSRF |
| 53460. Description: Unknown / Incomplete | 2009-04-07 | Lanius CMS includes/upload.php File Upload Arbitrary PHP Code Execution |
| 77361. Description: Lanoba Social Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'action' parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-11-19 | Lanoba Social Plugin for WordPress index.php action Parameter XSS |
| 64916. Description: Unknown / Incomplete | 2010-05-20 | LANrev Theft Track Default Static Authentication Key Weakness |
| 72144. Description: aXes Terminal Server contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'login' parameter upon submission to the axests/terminal script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-04-30 | LANSA aXes Terminal Server axests/terminal login Parameter XSS |
| 48679. Description: (Description Provided by CVE): Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter. | 2008-09-25 | LanSuite index.php design Parameter Traversal Local File Inclusion |
| 23533. Description: LanSuite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'fid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2006-02-24 | LanSuite LanParty Intranet System index.php fid Parameter SQL Injection |
| 48658. Description: Unknown / Incomplete | 2008-09-25 | LanSuite LanParty Intranet System upload.php Arbitrary PHP Code Execution |
| 69870. Description: Lantern CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'intPassedLocationID' parameter upon submission to the 11-login.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-10-08 | Lantern CMS 11-login.asp intPassedLocationID Parameter XSS |
| 69871. Description: Lantern CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'signupemail' parameter upon submission to the 7-home-page.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-10-08 | Lantern CMS 7-home-page.asp signupemail Parameter XSS |
| 18597. Description: A local buffer overflow exists in the "edituser" command on Lantronix console servers. The "edituser" command fails to check its command line arguments, resulting in a stack overflow. With a specially crafted argument, an attacker can gain administrative privileges, resulting in a full compromise. | 2005-08-05 | Lantronix Secure Console Server edituser Local Overflow |
| 18595. Description: Lantronix Secure Console Server contains a flaw that may allow a malicious local user to modify arbitrary files on the system. Due to insecure permissions set on the /tmp directory, an attacker can exploit a race condition against the creation of the /tmp/listen_fifo_server pipe to modify arbitrary files on the system, resulting in a loss of integrity. | 2005-08-05 | Lantronix Secure Console Server listen_fifo_server Symlink Arbitrary Privileged File Overwrite |
| 18596. Description: Lantronix Secure Console Server contains a flaw that allows a local console user to execute system binaries. The issue is due to the console software not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the command line variables. A sysadmin user can abuse this bug to become the root user and gain privileges usually not granted by the console software. | 2005-08-05 | Lantronix Secure Console Server Traversal Arbitrary Privileged Command Execution |
| 51003. Description: (Description Provided by CVE): Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap. | 2008-01-15 | Lantronix MSS485-T Vulnerability Scan Remote DoS |
| 39188. Description: (Description Provided by CVE): Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2007-11-11 | Lantronix SCS3200 Unspecified Keyscan Requests Remote DoS |
| 71069. Description: Lara contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the /_ui/changepassword script does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of passwords. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. | 2010-10-11 | Lara /_ui/changepassword Password Manipulation CSRF |
| 13125. Description: (Description Provided by CVE): Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter. | 2001-01-29 | Lars Ellingsen guestserver.cgi email Parameter Arbitrary Command Execution |
| 42902. Description: (Description Provided by CVE): Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114. | 2008-02-11 | Larson Network Print Server (LstNPS) Logging Function USEP Command Remote Format String |
| 42901. Description: (Description Provided by CVE): Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114. | 2008-02-11 | Larson Network Print Server (LstNPS) NPSpcSVR.exe License Command Remote Overflow |
| 5986. Description: LaserFiche, when running on NetWare, contains a flaw that may lead to an unauthorized password exposure. The Btrieve tables that contain usernames, passwords, and group membership information do not require administrative privileges for write access. Additionally, any operations directly on the tables are not logged. This may lead to a loss of confidentiality and/or integrity. | 1999-01-28 | LaserFiche on NetWare User Database Privilege Escalation |
| 5885. Description: LaserFiche, when running on NetWare, contains a flaw that may lead to an unauthorized password exposure. The Btrieve tables that contain usernames, passwords, and group membership information are available for any user to read. The data inside those tables is not encrypted, which exposes the passwords in plaintext to any user. Included in the tables is the password for the administrative account. This may lead to a loss of confidentiality and/or integrity. | 1999-01-28 | LaserFiche on NetWare User Database Unencrypted |
| 44401. Description: LASERnet CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'new' variable, which is then assigned to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2008-04-15 | Lasernet CMS index.php new Parameter SQL Injection |
| 18671. Description: (Description Provided by CVE): Unknown vulnerability in Lasso Professional Server 8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags. | 2005-08-02 | Lasso Professional Auth Tag Restricted Page Bypass |
| 8960. Description: (Description Provided by CVE): Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable. | 2001-12-30 | Last Lines lastlines.cgi Double Dot Traversal Arbitrary File Access |
| 68789. Description: (Description Provided by CVE): lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-09-28 | lastfm LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation |
| 54862. Description: (Description Provided by CVE): Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2008-07-08 | Lastminute Script Cleartext Password Disclosure |