| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 51275 | 2009-01-12 | RackTables Null Password LDAP User Authentication Bypass | Unknown / Incomplete |
| 32066 | 2006-12-12 | Rad Upload upload.php save_path Parameter Remote File Inclusion | (Description Provided by CVE) : ** DISPUTED ** PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below." |
| 58195 | 2009-09-17 | RADactive I-Load WebcodeModule.ashx Multiple Parameter XSS | RADactive I-Load contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple unspecified parameters (parameters that begin with two underscores "__") upon submission to the 'WebcodeModule.ashx' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 58197 | 2009-09-17 | RADactive I-Load Webcontrol File Upload Arbitrary Command Execution | (Description Provided by CVE) : Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window. |
| 58194 | 2009-09-17 | RADactive I-Load WebCoreModule.ashx File Upload Absolute Path Disclosure | (Description Provided by CVE) : WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname. |
| 58196 | 2009-09-17 | RADactive I-Load WebCoreModule.ashx Traversal Arbitrary File Access | (Description Provided by CVE) : Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors. |
| 50417 | 2008-12-03 | RadAsm Crafted RAP File Handling Overflow | Unknown / Incomplete |
| 56731 | 2009-08-03 | RadAsm MNU File Handling Format String | Unknown / Incomplete |
| 15430 | 2005-04-09 | RadBids Gold faq.php farea Parameter XSS | RadBids Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'farea' variable upon submission to the faq.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 56001 | 2009-07-17 | RadBids Gold index.php fid Parameter SQL Injection | RadBids Gold contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'fid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 15429 | 2005-04-09 | RadBids Gold index.php mode Parameter SQL Injection | RadBids Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the index.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 15431 | 2005-04-09 | RadBids Gold index.php Multiple Parameter XSS | RadBids Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat', 'order' or 'area' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15428 | 2005-04-09 | RadBids Gold index.php read Parameter Traversal Arbitrary File Access | RadBids Gold contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'read' variable. |
| 56000 | 2009-07-17 | RadBids Gold storefront.php mode Parameter XSS | RadBids Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'mode' parameters upon submission to the 'storefront.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 54834 | 2009-06-01 | RadCLASSIFIEDS index.php seller Parameter SQL Injection | RadCLASSIFIEDS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'seller' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 74484 | 2011-08-07 | Radfa Sabadkharid cart.php add2cart Parameter SQL Injection | Radfa Sabadkharid contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the cart.php script not properly sanitizing user-supplied input to the 'add2cart' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 75995 | 2011-10-03 | Radfa Sabadkharid wysiwyg/editor/filemanager/upload/php/upload.php File Upload Arbitrary PHP Code Execution | Unknown / Incomplete |
| 49649 | 2008-08-24 | radiance dayfact Multiple Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE) : radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts. |
| 49647 | 2008-08-24 | radiance optics2rad Multiple Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE) : radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts. |
| 49648 | 2008-08-24 | radiance pdelta Multiple Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE) : radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts. |
| 49650 | 2008-08-24 | radiance raddepend Multiple Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE) : radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts. |
| 91091 | 2006-04-09 | Radiant CMS Default Admin Credentials | By default, Radiant CMS installs with default admin credentials (username/password combination). The 'admin' account has a password of 'radiant', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access. |
| 57269 | 1998-10-17 | Radiator /tmp/radiusd.pid Manipulation Unspecified Issue | Unknown / Incomplete |
| 57271 | 1999-07-14 | Radiator Associated Packet Handling Remote DoS | Unknown / Incomplete |
| 57279 | 2003-09-23 | Radiator AuthBy LDAP2 INFO Debug Level Cleartext Password Local Disclosure | Unknown / Incomplete |
| 56364 | 2009-03-11 | Radiator AuthBy RADIUS Non-existant DNS Name Forwarding Remote DoS | Unknown / Incomplete |
| 57277 | 2002-08-27 | Radiator AuthBy SQL / LDAP* %Eval Character Syntax Unspecified Issue | Unknown / Incomplete |
| 56363 | 2009-03-11 | Radiator AuthBy WIMAX DHCP Key Handling Unspecified DoS | Unknown / Incomplete |
| 57267 | 1998-06-14 | Radiator AuthSQL NULL Keyword Authentication Bypass | Unknown / Incomplete |
| 57270 | 1998-10-17 | Radiator AuthUNIX Cached Password Authentication Bypass | Unknown / Incomplete |