[CLOSE] OSVDB ID : 3441 - Disclosed: 2004-01-09

Description:

(Description Provided by CVE) : fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an emptry NNTP news article with missing mandatory headers.

[CLOSE] OSVDB ID : 17295 - Disclosed: 2005-06-08

Description:

(Description Provided by CVE) : The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss).

[CLOSE] OSVDB ID : 63417 - Disclosed: 2010-03-26

Description:

leaftec cms contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'article.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 63416 - Disclosed: 2010-03-26

Description:

leaftec cms contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'login' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 49860 - Disclosed: 2008-10-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.

[CLOSE] OSVDB ID : 54403 - Disclosed: 2009-04-30

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 54405 - Disclosed: 2009-04-30

Description:

Leap CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the leap.php script not properly sanitizing user-supplied input to the 'searchterm' and 'email' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 54404 - Disclosed: 2009-04-30

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 54402 - Disclosed: 2009-04-30

Description:

(Description Provided by CVE) : Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.

[CLOSE] OSVDB ID : 18950 - Disclosed: 2005-08-24

Description:

(Description Provided by CVE) : Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue (.lsq) file.

[CLOSE] OSVDB ID : 68640 - Disclosed: 2010-10-14

Description:

LeapFTP is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted overly long LIST response, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 4587 - Disclosed: 2003-06-08

Description:

A buffer overflow exists in LeapFTP. The server fails to validate IP addresses passed via the PASV command resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 42554 - Disclosed: 2008-02-29

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 28306 - Disclosed: 2006-08-30

Description:

LearnCenter contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'id' variable upon submission to the learncenter.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 39156 - Disclosed: 2007-12-13

Description:

Learning Management System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'userlogin.jsp' script not properly sanitizing user-supplied input to the 'user' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 29688 - Disclosed: 2006-09-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 39698 - Disclosed: 2007-11-29

Description:

(Description Provided by CVE) : Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.

[CLOSE] OSVDB ID : 61595 - Disclosed: 2010-01-06

Description:

(Description Provided by CVE) : Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb.

[CLOSE] OSVDB ID : 37529 - Disclosed: 2007-06-25

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ad and (2) konu parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 2739 - Disclosed: 2003-10-31

Description:

LedForums contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "top_message" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 33623 - Disclosed: 2007-03-09

Description:

LedgerSMB contains a flaw that may allow a malicious user to gain access to the administrative interface without supplying the required authentication information. The issue is triggered when a malformed request to the 'admin.pl' script is made without a User-Agent header and password parameters. This flaw may lead to a loss of confidentiality and integrity.

[CLOSE] OSVDB ID : 33624 - Disclosed: 2007-03-18

Description:

LedgerSMB contains a flaw that allows a remote attacker to execute arbitrary files outside of the web path. The issue is due to the 'am.pl' script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'login' variable.

[CLOSE] OSVDB ID : 47993 - Disclosed: 2008-09-11

Description:

(Description Provided by CVE) : SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

[CLOSE] OSVDB ID : 66168 - Disclosed: 2010-02-09

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 47992 - Disclosed: 2008-09-11

Description:

(Description Provided by CVE) : The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

[CLOSE] OSVDB ID : 33620 - Disclosed: 2007-03-08

Description:

(Description Provided by CVE) : Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.

[CLOSE] OSVDB ID : 66169 - Disclosed: 2010-02-09

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 38218 - Disclosed: 2007-04-05

Description:

(Description Provided by CVE) : (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests.

[CLOSE] OSVDB ID : 33617 - Disclosed: 2007-01-27

Description:

(Description Provided by CVE) : The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.

[CLOSE] OSVDB ID : 30058 - Disclosed: 2006-10-25

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.