| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 43440 | 2008-03-16 | RaidSonic ICY BOX NAS-4220-B Plaintext Encryption Key Disclosure | (Description Provided by CVE): RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key. |
| 90219 | 2013-02-12 | Raidsonic Multiple Product /cgi/time/time.cgi ntp_name Parameter XSS | Multiple RaidSonic products contain a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'ntp_name' parameter upon submission to the /cgi/time/time.cgi script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 90221 | 2013-02-12 | Raidsonic Multiple Product /cgi/time/timeHandler.cgi ping_size Parameter Remote Command Execution | Multiple RaidSonic products contain a flaw that is due to the program failing to properly sanitize input passed via the 'ping_size' parameter to the /cgi/time/timeHandler.cgi script. This may allow a remote attacker to execute arbitrary commands. |
| 90220 | 2013-02-12 | Raidsonic Multiple Product /nav.cgi foldName Parameter Authentication Bypass | Multiple RaidSonic products contain a flaw that is triggered when input passed via the 'foldName' parameter is not properly sanitized before being used in the /nav.cgi script. This may allow a remote attacker to bypass authentication. |
| 39181 | 2007-12-12 | Rainboard Unspecified XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 67882 | 2010-09-02 | Rainbow Portal app_support/FCK.filemanager/imagegallery.aspx Multiple Parameter XSS | Unknown / Incomplete |
| 67886 | 2010-09-02 | Rainbow Portal DesktopModules/Announcements/AnnouncementsEdit.aspx Title Parameter XSS | Rainbow Portal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Title' parameter upon submission to the 'DesktopModules/Announcements/AnnouncementsEdit.aspx' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 67883 | 2010-09-02 | Rainbow Portal DesktopModules/Blog/BlogView.aspx Multiple Parameter XSS | Rainbow Portal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Title', 'Name', and 'Comments' parameters upon submission to the 'DesktopModules/Blog/BlogView.aspx' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 67885 | 2010-09-02 | Rainbow Portal DesktopModules/Contacts/ContactsEdit.aspx Multiple Parameter XSS | Rainbow Portal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Name', 'Role', 'Office', 'Mobile', 'Fax', and 'Address' parameters upon submission to the 'DesktopModules/Contacts/ContactsEdit.aspx' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 67888 | 2010-09-02 | Rainbow Portal DesktopModules/Documents/DocumentsEdit.aspx Multiple Parameter XSS | Rainbow Portal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Filename' and 'Category' parameters upon submission to the 'DesktopModules/Documents/DocumentsEdit.aspx' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 67887 | 2010-09-02 | Rainbow Portal DesktopModules/EnhancedLinks/EnhancedLinksEdit.aspx Multiple Parameter XSS | Rainbow Portal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Title' and 'Description' parameters upon submission to the 'DesktopModules/EnhancedLinks/EnhancedLinksEdit.aspx' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 67884 | 2010-09-02 | Rainbow Portal DesktopModules/MileStones/MilestonesEdit.aspx Multiple Parameter XSS | Rainbow Portal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Title' and 'Status' parameters upon submission to the 'DesktopModules/MileStones/MilestonesEdit.aspx' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 8784 | 1999-02-11 | Rainbow Six Multiplayer nickname Remote Overflow DoS | (Description Provided by CVE): Buffer overflow in Rainbow Six Multiplayer allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long nickname (nick) command. |
| 33683 | 2007-02-09 | Rainbow with the Zen (Rainbow.Zen) jira/secure/BrowseProject.jspa id Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| 52534 | 2009-03-10 | RainbowPlayer RPL File Handling Overflow | Unknown / Incomplete |
| 31650 | 2006-03-24 | Raindance Web Conferencing Pro failed browser XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the "failed" functionality in Raindance Web Conferencing Pro allows remote attackers to inject arbitrary web script or HTML via the browser parameter. |
| 88593 | 2005-04-09 | Rake FileUtils Methods Cross-method File Manipulation Weakness | Rake contains a flaw that is due to insecure permissions on the FileUtils method. This may allow a context-dependent attacker to write files to other projects. |
| 50325 | 2008-11-27 | RakhiSoftware Shopping Cart PHPSESSID Cookie Manipulation Path Disclosure | (Description Provided by CVE): RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message. |
| 50313 | 2008-11-27 | RakhiSoftware Shopping Cart product.php Multiple Parameter SQL Injection | RakhiSoftware Shopping Cart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the product.php script not properly sanitizing user-supplied input to the subcategory_id variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 50326 | 2008-11-27 | RakhiSoftware Shopping Cart product.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters. |
| 45034 | 2008-05-12 | RakNet Autopatcher Unspecified SQL Injection | (Description Provided by CVE): SQL injection vulnerability in the Autopatcher server plugin in RakNet before 3.23 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 17125 | 2005-06-05 | RakNet Empty UDP Datagram Remote DoS | RakNet contains a flaw that may allow a remote denial of service. The issue is triggered when an empty UDP datagram is received by the server, and will result in loss of availability for the service. |
| 63240 | 2010-03-25 | RakNet RakPeer.cpp ProcessOfflineNetworkPacket() Function NULL Dereference Remote Underflow DoS | Unknown / Incomplete |
| 46973 | 2007-07-30 | Ralf Image Gallery (RIG) check_entry.php dir_abs_src Parameter Remote File Inclusion | Ralf Image Gallery (RIG) contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'check_entry.php' script not properly sanitizing user input supplied to the 'dir_abs_src' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 26754 | 2006-06-20 | Ralf Image Gallery admin_album.php Multiple Parameter Remote File Inclusion | Ralf Image Gallery (R.I.G.) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin_album.php script not properly sanitizing user input supplied to the 'dir_abs_src' or 'dir_abs_admin_src' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Additionally, this can be used to access arbitrary files via directory traversal style attacks (../../), or conduct cross-site scripting (XSS) attacks allowing for the execution of arbitrary code in a user's browser within the trust relationship between the browser and the server. |
| 26755 | 2006-06-20 | Ralf Image Gallery admin_image.php Multiple Parameter Remote File Inclusion | Ralf Image Gallery (R.I.G.) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin_image.php script not properly sanitizing user input supplied to the 'dir_abs_src' or 'dir_abs_admin_src' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Additionally, this can be used to access arbitrary files via directory traversal style attacks (../../), or conduct cross-site scripting (XSS) attacks allowing for the execution of arbitrary code in a user's browser within the trust relationship between the browser and the server. |
| 26756 | 2006-06-20 | Ralf Image Gallery admin_util.php dir_abs_src Parameter Remote File Inclusion | Ralf Image Gallery (R.I.G.) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin_util.php script not properly sanitizing user input supplied to the 'dir_abs_src' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Additionally, this can be used to access arbitrary files via directory traversal style attacks (../../), or conduct cross-site scripting (XSS) attacks allowing for the execution of arbitrary code in a user's browser within the trust relationship between the browser and the server. |
| 26753 | 2006-06-20 | Ralf Image Gallery check_entry.php dir_abs_src Parameter Remote File Inclusion | Ralf Image Gallery (R.I.G.) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the check_entry.php script not properly sanitizing user input supplied to the 'dir_abs_src' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Additionally, this can be used to access arbitrary files via directory traversal style attacks (../../), or conduct cross-site scripting (XSS) attacks allowing for the execution of arbitrary code in a user's browser within the trust relationship between the browser and the server. |
| 53551 | 2009-01-18 | Ralink Technology USB Wireless Adapter (RT73) Probe Request Packet SSID Handling Remote Overflow | (Description Provided by CVE): Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error. |
| 30315 | 2006-11-13 | Rama CMS lang File Inclusion | (Description Provided by CVE): Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. |