| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 30167 | 2006-10-18 | P-Book admin.php pb_lang Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php. |
| 30168 | 2006-10-18 | P-Book pbook.php pb_lang Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php. |
| 30777 | 2006-11-29 | P-News Avatar Upload Function Multiple File Extension Upload Arbitrary Code Execution | (Description Provided by CVE): Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 37550 | 2006-12-31 | P-News db/user.dat Direct Request Admin Credential Disclosure | (Description Provided by CVE): P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. |
| 53809 | 2003-05-24 | P-News p-news.php Name Field Arbitrary Account Injection Privilege Escalation | Unknown / Incomplete |
| 33791 | 2006-10-16 | P-News p-news.php pn_lang Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter. |
| 30776 | 2006-11-28 | P-News user.txt User Database Disclosure | (Description Provided by CVE): P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888. |
| 81905 | 2007-07-11 | P-Synch Domain Password Reset style Parameter XSS | P-synch contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'style' parameter before use in a domain password reset. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 52980 | 2003-05-29 | P-Synch Password Management nph-psa.exe css Parameter Remote File Inclusion | Unknown / Incomplete |
| 52978 | 2003-05-29 | P-Synch Password Management nph-psa.exe css Parameter XSS | M-Tech's P-Synch password management product contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the nph-psa.exe script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 4919 | 2003-05-29 | P-Synch Password Management nph-psa.exe lang Parameter Path Disclosure | P-Synch Password Management contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the nph-psa.exe script with a malformed lang parameter, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 52979 | 2003-05-29 | P-Synch Password Management nph-psf.exe css Parameter Remote File Inclusion | Unknown / Incomplete |
| 4920 | 2003-05-29 | P-Synch Password Management nph-psf.exe css Parameter XSS | M-Tech's P-Synch password management product contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the nph-psf.exe script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 52977 | 2003-05-29 | P-Synch Password Management nph-psf.exe lang Parameter Path Disclosure | P-Synch Password Management contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the nph-psf.exe script with a malformed lang parameter, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 26374 | 2006-06-09 | P.A.I.D faq.php farea Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page. |
| 26375 | 2006-06-09 | P.A.I.D index.php read Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page. |
| 38984 | 2007-11-27 | p.mapper incphp/globals.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion | p.mapper contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'incphp/globals.php' script not properly sanitizing user input supplied to the '_SESSION[PM_INCPHP]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 38985 | 2007-11-27 | p.mapper plugins/export/mc_table.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion | p.mapper contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'plugins/export/mc_table.php' script not properly sanitizing user input supplied to the '_SESSION[PM_INCPHP]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 19275 | 2005-09-05 | P2P Pro Malformed Procedure Remote DoS | Unknown / Incomplete |
| 15312 | 2005-04-07 | P2P Share Spy Registry Local Password Disclosure | P2P Share Spy contains a flaw that may lead to an unauthorized information disclosure. The issue is due to plaintext storage of information in the registry, which may disclose the program launch password to local users resulting in a loss of confidentiality. |
| 63357 | 2010-03-31 | P30vel Hosting Script admin/nav.php Admin Section Restriction Bypass | Unknown / Incomplete |
| 63358 | 2010-03-31 | P30vel Hosting Script admin/setup/index.php Admin Section Restriction Bypass | Unknown / Incomplete |
| 49988 | 2008-08-13 | p3nfs bluetooth.rc /tmp/blue.log Temporary File Symlink Arbitrary File Overwrite | p3nfs contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the bluetooth.rc script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
| 28762 | 2006-09-12 | p4CMS abf_js.php abs_pfad Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter. |
| 5902 | 2004-05-05 | P4DB Input Validation Arbitrary Command Execution | P4DB contains a flaw that may allow a remote attacker to execute arbitrary commands on the system. The problem is that various scripts fail to validate user input properly. It is possible that the flaw may allow an attacker to run arbitrary commands on the web server resulting in a loss of integrity. |
| 5901 | 2004-05-05 | P4DB Multiple Unspecified XSS | P4DB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to an unknown script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 39297 | 2007-12-19 | P4Web P4Webs.exe HTTP Request CPU Consumption Remote DoS | (Description Provided by CVE): P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0. |
| 4995 | 2002-07-22 | Pablo FTP Server Arbitrary Directory Listing | Pablo Software Solutions Quick and Easy FTP Server contains a flaw that allows a remote attacker to view directories outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied directly via the LIST command. |
| 4996 | 2004-04-08 | Pablo FTP Server Username Format String | Pablo FTP Server contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker supplies a username containing format specifiers, and will result in loss of availability for the service. It is believed that execution of arbitrary code is possible as well. |
| 4647 | 2003-06-03 | Pablo FTP Service Arbitrary File Retrieval | Pablo FTP Service contains a flaw that may allow a remote attacker to retrieve arbitrary files. The problem is that the anonymous account defaults to allow download privileges of any file on the system. It is possible that the flaw may allow a remote attacker to retrieve any file in the C:\ directory resulting in a loss of confidentiality. |