[CLOSE] OSVDB ID : 25045 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the agent_stats_pending_leads.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25026 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the agent_subaffiliates.pl script not properly sanitizing user-supplied input to the 'offset', 'camp_id' or 'sub' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 25043 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login', 'logged', 'offset', 'camp_id', 'date' or 'sub' variables upon submission to the agent_subaffiliates.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25048 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the the 'login', 'logged', 'offset' or 'date' variables upon submission to the agent_summary.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25028 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the agent_summary.pl script not properly sanitizing user-supplied input to the 'offset' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 25025 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the agent_transactions.pl script not properly sanitizing user-supplied input to the 'offset' or 'sub' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 25046 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login', 'logged', 'offset', 'date' or 'sub' variables upon submission to the agent_transactions.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25024 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the agent_transactions_csv.pl script not properly sanitizing user-supplied input to the 'sub' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 25050 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Lost Password field upon submission to the lost_pwd.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25035 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the members.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25038 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the modify_agent.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25036 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the modify_agent_1.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25037 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' or 'logged' variables upon submission to the modify_agent_2.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25034 - Disclosed: 2006-04-18

Description:

Leadhound contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' variable upon submission to the sign_out.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 36032 - Disclosed: 2007-05-22

Description:

(Description Provided by CVE) : Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName property.

[CLOSE] OSVDB ID : 36026 - Disclosed: 2007-05-18

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property.

[CLOSE] OSVDB ID : 36043 - Disclosed: 2007-05-27

Description:

(Description Provided by CVE) : Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX control than CVE-2007-2827.

[CLOSE] OSVDB ID : 67692 - Disclosed: 2010-08-28

Description:

The vulnerability is caused due to a boundary error in LtocxTwainu.dll when handling the value assigned to the "AppName" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code.

[CLOSE] OSVDB ID : 43746 - Disclosed: 2008-03-25

Description:

(Description Provided by CVE) : The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method.

[CLOSE] OSVDB ID : 36035 - Disclosed: 2007-05-24

Description:

(Description Provided by CVE) : Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.

[CLOSE] OSVDB ID : 36036 - Disclosed: 2007-05-25

Description:

(Description Provided by CVE) : Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.

[CLOSE] OSVDB ID : 36042 - Disclosed: 2007-05-26

Description:

(Description Provided by CVE) : Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property.

[CLOSE] OSVDB ID : 36029 - Disclosed: 2007-05-20

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument.

[CLOSE] OSVDB ID : 36028 - Disclosed: 2007-05-19

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument.

[CLOSE] OSVDB ID : 36033 - Disclosed: 2007-05-21

Description:

(Description Provided by CVE) : A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method.

[CLOSE] OSVDB ID : 1426 - Disclosed: 2000-06-25

Description:

(Description Provided by CVE) : LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages.

[CLOSE] OSVDB ID : 16568 - Disclosed: 2002-12-29

Description:

(Description Provided by CVE) : The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group.

[CLOSE] OSVDB ID : 16187 - Disclosed: 2005-05-04

Description:

(Description Provided by CVE) : fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers.

[CLOSE] OSVDB ID : 6452 - Disclosed: 2003-09-04

Description:

(Description Provided by CVE) : The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input.

[CLOSE] OSVDB ID : 2515 - Disclosed: 2003-09-05

Description:

Unknown / Incomplete