| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 39050 | 2007-12-06 | MWOpen leggi_commenti.asp id Parameter SQL Injection | MWOpen contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'leggi_commenti.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 50992 | 2008-12-28 | MWP Blog System for PHP-Fusion blog.php id Parameter SQL Injection | MWP Blog System for PHP-Fusion contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'blog.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 37400 | 2007-09-29 | Mx At A Glance Module for MxBB Portal contrib/mx_glance_sdesc.php mx_root_path Parameter Remote File Inclusion | Mx At A Glance Module for MxBB Portal contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'contrib/mx_glance_sdesc.php' script not properly sanitizing user input supplied to the 'mx_root_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 15172 | 2005-03-31 | MX Kart Category Module id_ctg Parameter SQL Injection | MX Kart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'id_ctg' variable in the 'category' module is not verified properly and will allow an attacker to inject or manipulate SQL queries. |
| 15173 | 2005-03-31 | MX Kart Manufacturer Module id_man Parameter SQL Injection | MX Kart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "id_man" variable in the "index.php" module is not verified properly and will allow an attacker to inject or manipulate SQL queries. |
| 15167 | 2005-03-31 | MX Kart Pages Module idp Parameter SQL Injection | MX Kart contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'idp' parameter in the 'Pages' module not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. |
| 15168 | 2005-03-31 | MX Shop Category Module id_ctg Parameter SQL Injection | MX Shop contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'id_ctg' parameter in the 'Category' module not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. |
| 19611 | 2005-09-17 | MX Shop Pages Module Multiple Parameter SQL Injection | MX Shop contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script in the pages module not properly sanitizing user-supplied input to the 'idp', 'id_ctg' and 'id_prd' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 64856 | 2010-03-20 | MX Simulator Server Unspecified Remote Overflow | Unknown / Incomplete |
| 33263 | 2006-12-09 | mxBB Module (mx_profilecp) profilcp_constants.php module_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| 30536 | 2006-11-17 | MxBB Portal CalSnails Module mx_common.php module_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| 45606 | 2008-05-20 | MxBB Portal index.php page Parameter SQL Injection | MxBB Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'page' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 35760 | 2006-12-12 | MxBB Portal Knowledge Base Module (mx_kb) kb_constants.php phpEx Parameter Remote File Inclusion | (Description Provided by CVE): Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter. |
| 31235 | 2006-12-12 | MxBB Portal Knowledge Base/mx_kb Module kb_constants.php module_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| 31233 | 2006-12-16 | MxBB Portal mx_charts Module charts_constants.php module_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| 31237 | 2006-12-11 | MxBB Portal mx_errordocs Module common.php module_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| 31232 | 2006-12-16 | MxBB Portal mx_meeting Module meeting_constants.php module_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| 31236 | 2006-12-12 | MxBB Portal mx_modsdb Module common.php module_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in includes/common.php in the mx_modsdb 1.0.0 module for MxBB (aka MX-System) Portal allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| 31234 | 2006-12-12 | MxBB Portal mx_newssuite Module newssuite_constants.php mx_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. |
| 31238 | 2006-12-02 | mxBB Portal mx_tinies Module common.php module_root_path Parameter Remote File Inclusion | mxBB mx_tinies contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'includes/common.php' script not properly sanitizing user input supplied to the 'module_root_path' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server. |
| 35752 | 2007-04-12 | mxBB Shotcast getinfo1.php mx_root_path Variable Remote File | (Description Provided by CVE): PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. |
| 31958 | 2006-11-05 | mxBB Smartor Album modules/mx_smartor/album.php module_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| 44396 | 2008-03-30 | mxBB mx_blogs includes/functions_weblog.php mx_root_path Parameter Remote File Inclusion | mxBB mx_blogs contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'includes/functions_weblog.php' script not properly sanitizing user input supplied to the 'mx_root_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 49887 | 2008-11-17 | mxCamArchive admin/admin.php description Parameter Arbitrary PHP Code Execution | (Description Provided by CVE): Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from third party information. |
| 49886 | 2008-11-17 | mxCamArchive archive/config.ini Direct Request Password Disclosure | (Description Provided by CVE): mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini. |
| 21339 | 2005-12-01 | MXChange Unspecified SQL Injection | MXChange contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 21338 | 2005-12-01 | MXChange Unspecified XSS | MXChange contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 32470 | 2006-12-24 | Mxmania File Upload Manager detail.asp ID Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| 60193 | 2009-07-13 | MXP USER Command Handling Remote Overflow | (Description Provided by CVE): Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows remote attackers to cause a denial of service (process crash or device reboot) or possibly execute arbitrary code via a long USER command, as demonstrated by a command ending with many space characters. |
| 63148 | 2010-03-22 | Mxserver UDP Packet Handling Remote Overflow | Unknown / Incomplete |