[CLOSE] OSVDB ID : 64494 - Disclosed: 2010-02-06

Description:

LDF contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the default.asp script not properly sanitizing user-supplied input to the 'page' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 52027 - Disclosed: 2009-01-23

Description:

LDF contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.asp script not properly sanitizing user-supplied input to the user parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 44681 - Disclosed: 2008-04-28

Description:

(Description Provided by CVE) : ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).

[CLOSE] OSVDB ID : 52859 - Disclosed: 2009-02-02

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.

[CLOSE] OSVDB ID : 76795 - Disclosed: 2011-08-24

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.

[CLOSE] OSVDB ID : 46498 - Disclosed: 2008-06-21

Description:

(Description Provided by CVE) : admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.

[CLOSE] OSVDB ID : 78455 - Disclosed: 2012-01-21

Description:

Lead Capture Page System contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'message' parameter upon submission to the admin/login.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 25030 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' variable upon submission to the agent_affil.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25051 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_affil_code.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25052 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'logged' and 'login' variables upon submission to the agent_affil_list.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25049 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the agent_camp_all.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25029 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the agent_camp_det.pl script not properly sanitizing user-supplied input to the 'logged' or 'camp_id' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 25054 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page', 'camp_id', and 'logged' variables upon submission to the agent_camp_det.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25057 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_camp_expired.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25060 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_camp_new.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25059 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_camp_notsub.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25055 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_camp_sub.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25058 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_campaign.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25044 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'agent_id' variable upon submission to the agent_commission_statement.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25027 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the agent_commission_statement.pl script not properly sanitizing user-supplied input to the 'login', 'logged' or 'agent_id' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 25032 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the agent_faq.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25031 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' variable upon submission to the agent_help.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25033 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the agent_help_insert.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25023 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the agent_links.pl script not properly sanitizing user-supplied input to the 'banner' or 'offset' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 25039 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login', 'logged', 'camp_id', 'banner' or 'offset' variables upon submission to the agent_links.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25041 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' variable upon submission to the agent_logoff.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25047 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' variables upon submission to the agent_payment_history.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25042 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' or 'dates' variables upon submission to the agent_rev_det.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25053 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' and 'logged' variables upon submission to the agent_stats.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25056 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dates' and 'login' variables upon submission to the agent_stats_det.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.