[CLOSE] OSVDB ID : 47823 - Disclosed: 2008-08-24

Description:

(Description Provided by CVE) : javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

[CLOSE] OSVDB ID : 54835 - Disclosed: 2009-06-01

Description:

(Description Provided by CVE) : R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.

[CLOSE] OSVDB ID : 36015 - Disclosed: 2007-05-11

Description:

(Description Provided by CVE) : Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.

[CLOSE] OSVDB ID : 64895 - Disclosed: 2010-01-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64896 - Disclosed: 2010-01-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64894 - Disclosed: 2010-01-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18067 - Disclosed: 2005-07-19

Description:

(Description Provided by CVE) : Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a (1) nickname or (2) chat message.

[CLOSE] OSVDB ID : 18068 - Disclosed: 2005-07-19

Description:

(Description Provided by CVE) : Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message.

[CLOSE] OSVDB ID : 7094 - Disclosed: 2004-06-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 7095 - Disclosed: 2004-06-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 7093 - Disclosed: 2004-06-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25914 - Disclosed: 2006-05-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25913 - Disclosed: 2006-05-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 39601 - Disclosed: 2007-08-13

Description:

A remote overflow exists in Racer v0.5.3beta5. The game fails to verify buffer lengths resulting in a stack overflow. With a specially crafted request, a remote attacker can execute arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 78121 - Disclosed: 2011-12-28

Description:

Rack contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.

[CLOSE] OSVDB ID : 51275 - Disclosed: 2009-01-12

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32066 - Disclosed: 2006-12-12

Description:

(Description Provided by CVE) : ** DISPUTED ** PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below."

[CLOSE] OSVDB ID : 58195 - Disclosed: 2009-09-17

Description:

RADactive I-Load contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple unspecified parameters (parameters that begin with two underscores "__") upon submission to the 'WebcodeModule.ashx' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 58197 - Disclosed: 2009-09-17

Description:

(Description Provided by CVE) : Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window.

[CLOSE] OSVDB ID : 58194 - Disclosed: 2009-09-17

Description:

(Description Provided by CVE) : WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname.

[CLOSE] OSVDB ID : 58196 - Disclosed: 2009-09-17

Description:

(Description Provided by CVE) : Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors.

[CLOSE] OSVDB ID : 50417 - Disclosed: 2008-12-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 56731 - Disclosed: 2009-08-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 15430 - Disclosed: 2005-04-09

Description:

RadBids Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'farea' variable upon submission to the faq.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 56001 - Disclosed: 2009-07-17

Description:

RadBids Gold contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'fid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 15429 - Disclosed: 2005-04-09

Description:

RadBids Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the index.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 15431 - Disclosed: 2005-04-09

Description:

RadBids Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat', 'order' or 'area' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 15428 - Disclosed: 2005-04-09

Description:

RadBids Gold contains a flaw that allows a remote attacker to access arbitray files outside of the web path. The issue is due to the index.phps cript not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'read' variable.

[CLOSE] OSVDB ID : 56000 - Disclosed: 2009-07-17

Description:

RadBids Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'mode' parameters upon submission to the 'storefront.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 54834 - Disclosed: 2009-06-01

Description:

RadCLASSIFIEDS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'seller' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.