| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 57274 | 2000-08-21 | Radiator ClientListSQL NoIgnoreDuplicates Column Data Handling DoS | Unknown / Incomplete |
| 57280 | 2006-11-09 | Radiator Crafted AuthBy DIGIPASS Clause Handling Remote DoS | Unknown / Incomplete |
| 40363 | 2008-01-14 | Radiator Crafted RADIUS Request Remote DoS | (Description Provided by CVE): Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap. |
| 57275 | 2000-11-21 | Radiator decode_tunnel_password Out-of-spec Tunnel Password Remote DoS | Unknown / Incomplete |
| 56362 | 2009-03-11 | Radiator Malformed RADIUS Request Infinite Loop Remote DoS | Unknown / Incomplete |
| 57276 | 2002-08-20 | Radiator Malformed Session-Timeout Remote DoS | Unknown / Incomplete |
| 57273 | 2000-05-19 | Radiator MD5 Password Encryption Zero Length Salt Weakness | Unknown / Incomplete |
| 57282 | 2008-07-17 | Radiator Monitor / ServerDIAMETER Clauses Crafted Request Remote DoS | Unknown / Incomplete |
| 57272 | 2000-02-15 | Radiator on Intel Tunnel-Password Non-compliant Encrypted Password Generation Weakness | Unknown / Incomplete |
| 57281 | 2007-03-26 | Radiator parseDate Malformed Date Handling Remote DoS | Unknown / Incomplete |
| 57266 | 1998-06-14 | Radiator radacct.cgi Cross-user Detail Disclosure | Unknown / Incomplete |
| 57268 | 1998-07-13 | Radiator Radius::unpack Malformed Packet Processing Infinite Loop DoS | Unknown / Incomplete |
| 56365 | 2009-03-11 | Radiator Tacacs Authentication Debug Log File Cleartext Password Disclosure | Unknown / Incomplete |
| 57278 | 2003-04-14 | Radiator Tunnelled Request Special Character Handling Remote DoS | Unknown / Incomplete |
| 55318 | 2009-06-15 | Radio and TV Player Addon for vBulletin forum/radioandtv.php station Parameter XSS | Radio and TV Player Addon for vBulletin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'station' parameters upon submission to the 'forum/radioandtv.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 92088 | 2013-04-04 | Radio CMS meneger.php playlist_id Parameter SQL Injection | Radio CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the meneger.php script not properly sanitizing user-supplied input to the 'playlist_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 60516 | 2009-11-25 | RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure | (Description Provided by CVE): RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc. |
| 83119 | 2012-06-18 | Radio Plan Plugin for e107 e107_plugins/radio_plan/admin/upload.php File Upload PHP Code Execution | Radio Plan Plugin for e107 contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the e107_plugins/radio_plan/admin/upload.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script. |
| 8946 | 2002-10-15 | RadioBird WebServer 4 Everyone Encoded Double Dot Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters. |
| 59540 | 2002-10-23 | RadioBird WebServer 4 Everyone Long Host Header HTTP GET Request Remote DoS | (Description Provided by CVE): Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request with the Host header set. |
| 45120 | 1998-07-14 | RadioGatun (Panama) Algorithm Hash Function Collision Cryptanalysis Weakness | Unknown / Incomplete |
| 69956 | 2010-12-17 | Radius Manager admin.php Multiple Parameter XSS | Radius Manager contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' and 'descr' parameters upon submission to the 'admin.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 57235 | 2009-08-21 | Radix Anti-Rootkit SDTHLPR.sys IOCTL Handling Local Privilege Escalation | Unknown / Incomplete |
| 55948 | 2009-07-17 | RadLance Gold index.php fid Parameter SQL Injection | RadLance Gold contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'fid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 55949 | 2009-07-17 | RadLance Gold index.php Multiple Parameter XSS | RadLance Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'fid' and 'pr' parameters upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 25522 | 2006-05-15 | RadLance Gold popup.php read Parameter Traversal Arbitrary File Access | RadLance Gold contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the popup.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'read' variable. |
| 55950 | 2009-07-17 | RadNics Gold index.php fid Parameter SQL Injection | RadNics Gold contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the fid parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 55951 | 2009-07-17 | RadNics Gold index.php Multiple Parameter XSS | RadNics Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the fid parameter (when a is set to view_forum) and order parameter (when a is set to ulist) upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 29406 | 2006-07-24 | RadScripts a_editpage.php filename Variable Arbitrary File Overwrite | Some RadScripts products contain a flaw that may allow a remote attacker to overwrite arbitrary files. The issue is due to a_editpage.php not properly sanitizing user input supplied to the filename variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 86547 | 2012-09-13 | radsecproxy Client Certificate Validation Weakness | radsecproxy contains a flaw that is triggered when an error occurs during the validation of client certificates. This may cause certain certificates that would otherwise be denied to be accepted. |