| OSVDB ID | Description | Disclosure Date | Title |
|---|---|---|---|
| 30540 | Rapid Classified contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the view_print.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2006-11-19 | Rapid Classified view_print.asp id Parameter XSS |
| 30538 | (Description Provided by CVE): SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2006-11-19 | Rapid Classified viewad.asp id Parameter SQL Injection |
| 75886 | Rapid Leech contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to multiple scripts, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. | 2011-02-14 | Rapid Leech Multiple Script Direct Request Path Disclosure |
| 41481 | (Description Provided by CVE): Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action. | 2008-02-12 | Rapid Recipe Component for Joomla! index.php Multiple Parameter SQL Injection |
| 66248 | Rapid Recipe Component for Joomla! contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'introtext', 'ingredients', 'steps', and 'recipecomment' parameters upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-07-12 | Rapid Recipe Component for Joomla! index.php Multiple Parameter XSS |
| 46032 | Rapid Recipe for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "recipe_id" variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2008-06-08 | Rapid Recipe Component for Joomla! index.php recipe_id Parameter SQL Injection |
| 3553 | RapidCache contains a flaw that may allow a remote denial of service. The issue is triggered when an overly long "Host:" header is supplied, and will result in loss of availability for the service. | 2004-01-15 | RapidCache Host Header Overflow DoS |
| 3554 | RapidCache contains a flaw that allows a remote attacker to read arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI. | 2004-01-15 | RapidCache Server Arbitrary File Access |
| 78097 | Rapidleech contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'links' parameter upon submission to the audl.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-12-20 | Rapidleech audl.php links Parameter XSS |
| 78098 | Rapidleech contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'notes' parameter upon submission to the notes.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-12-21 | Rapidleech notes.php notes Parameter XSS |
| 53078 | (Description Provided by CVE): Absolute path traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to read arbitrary files via a base64-encoded absolute path in the filename parameter. | 2009-03-14 | Rapidleech upload.php filename Parameter Traversal Arbitrary File Access |
| 52753 | (Description Provided by CVE): Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded parameter. | 2009-03-14 | Rapidleech upload.php uploaded Parameter Traversal Local File Inclusion |
| 52754 | Rapidleech contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'uploaded' parameters upon submission to the 'upload.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-03-14 | Rapidleech upload.php uploaded Parameter XSS |
| 39981 | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter. | 2008-01-07 | RapidShare Database Default.asp Arayalim Parameter XSS |
| 8037 | (Description Provided by CVE): sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh. | 2000-08-14 | Rapidstream VPN sshd Default Hardcoded Admin Account |
| 1501 | Raptor GFX contains a flaw that may allow a local attacker to gain root privileges. The issue is due to a flaw in the "pgxconfig" utility that allows an attacker to specify an arbitrary path to the "cp" program. If an attacker uses a specially crafted program in its place, it will be called, allowing execution of arbitrary commands with root privileges. | 2000-08-02 | Raptor GFX pgxconfig Path Subversion Local Privilege Escalation |
| 5740 | Raptor GFX contains a flaw in the pgxconfig utility that may allow a malicious user to gain root privileges. The issue results from the combination of two issues: 1) pgxconfig is suid root and 2) pgxconfig uses a predictable temporary file name. It is possible that the flaw may allow a malicious user to overwrite any file on the system, resulting in a loss of integrity, and/or availability. | 2000-08-02 | Raptor GFX pgxconfig Symlink Arbitrary File Overwrite |
| 80307 | Raptor contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when processing XML external entities in certain XML components within an RDF document, which will disclose contents of arbitrary files to a context-dependent attacker. | 2012-03-22 | Raptor XML External Entity RDF Document Handling Information Disclosure |
| 8975 | (Description Provided by CVE): Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames. | 2001-07-02 | rar Archive Extraction Double Dot Arbitrary File Overwrite |
| 19914 | (Description Provided by CVE): Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename. | 2005-10-11 | RAR/WinRAR UUE/XXE Invalid Filename Error Message Format String |
| 33124 | (Description Provided by CVE): Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive. | 2007-02-07 | RARLabs UnRAR Password Protected Archive Handling Overflow |
| 71453 | Rash CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the module/contact/contact-config.php script not properly sanitizing user-supplied input passed via the 'reciver' parameter to 'index.php'. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-04-03 | Rash CMS index.php reciver Parameter SQL Injection |
| 57468 | RASH Quote Management System contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'Admin Login' page not properly sanitizing user-supplied input to the 'user' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. | 2009-08-26 | RASH Quote Management System Admin Login user Parameter SQL Injection Authentication Bypass |
| 57469 | RASH Quote Management System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Quote Addition not properly sanitizing user-supplied input to the 'quote' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2009-08-26 | RASH Quote Management System Quote Addition quote Parameter SQL Injection |
| 57467 | RASH Quote Management System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Search Functionality not properly sanitizing user-supplied input to the 'search' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2009-08-26 | RASH Quote Management System Search Functionality search Parameter SQL Injection |
| 57470 | RASH Quote Management System contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'Admin Login' page not properly sanitizing user-supplied input to the 'user' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. | 2009-08-26 | RASH Quote Management System User_Name Cookie SQL Injection |
| 22198 | raSMP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input to the "User-Agent" HTTP header before submission to the record_hit() function of the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2006-01-04 | raSMP index.php User-Agent Field XSS |
| 90817 | Raspberry Pi Firmware Updater (rpi-update) contains a flaw as rpi-update creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the updateScript.sh file to cause the program to unexpectedly overwrite an arbitrary file when an administrator runs the updater. | 2013-02-28 | Raspberry Pi Firmware Updater (rpi-update) updateScript.sh Symlink Arbitrary File Overwrite |
| 55070 | (Description Provided by CVE): Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file. | 2009-06-08 | Rasterbar libtorrent src/torrent_info.cpp Multiple File Mode List Element Traversal Arbitrary File Overwrite |
| 6618 | (Description Provided by CVE): Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data. | 2004-02-11 | Ratbag Game Engine TCP Socket Read DoS |