| OSVDB ID | Disclosure Date | Title |
|
12506
Description:
Unknown / Incomplete
|
2004-12-15
|
WackoWiki textsearch XSS
|
|
8378
Description:
WackoWiki contains a flaw that may lead to an unauthorized information disclosure. No further details have been provided.
|
2003-06-28
|
WackoWiki Unspecified Information Disclosure
|
|
8376
Description:
WackoWiki contains multiple flaws that allow remote cross-site scripting attacks. No further details have been provided.
|
2003-06-28
|
WackoWiki Unspecified Multiple XSS
|
|
14750
Description:
By default, Waffle BBS installs with a default password. The root account has a blank password which is publicly known and documented. This allows attackers to trivially access the program or system.
|
1985-01-01
|
Waffle BBS Default root Password
|
|
14740
Description:
The external LIST command used in many Waffle BBS installations may allow a user to display the content of any file on the system. The issue is that the LIST command would allow a user to supply any file on the system, including the /waffle/admin/password file. Because the command also ignores the ^Z character, it would display the entire file including the system password.
|
1991-03-08
|
Waffle BBS LIST Command Arbitrary File Disclosure
|
|
14749
Description:
Waffle BBS contains a flaw that may allow a user to bypass file download ratio restrictions. The issue is due to the BBS software not properly filtering file requests passed to the ZMODEM program. By specifying a wildcard for file downloads, a user can download any file without it counting against their ratio.
|
1991-03-08
|
Waffle BBS Wildcard Download Restriction Bypass
|
|
78519
Description:
WAGO I/O System 750 / 758 contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the changing of an administrator's password. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2012-01-20
|
WAGO I/O System 750 / 758 Admin Password Manipulation CSRF
|
|
78781
Description:
Unknown / Incomplete
|
2012-01-20
|
WAGO I/O System 750 Arbitrary Firmware Download
|
|
78780
Description:
By default, WAGO I/O System 750 installs with multiple default passwords. The admin account has a password of wago, the user account a password of user, and the guest account a password of guest, which are publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
|
2012-01-20
|
WAGO I/O System 750 Multiple Default Password
|
|
78782
Description:
Unknown / Incomplete
|
2012-01-20
|
WAGO I/O System 750 PLC Web Interface Multiple File Information Disclosure
|
|
51640
Description:
Walking Club contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.aspx script not properly sanitizing user-supplied input to the 'username' and 'password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-01-16
|
Walking Club login.aspx Multiple Parameter SQL Injection
|
|
20885
Description:
(Description Provided by CVE) : ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring.
|
2005-11-14
|
Walla TeleSite ts.cgi File Existence Enumeration
|
|
20884
Description:
Unknown / Incomplete
|
2005-11-14
|
Walla TeleSite ts.exe Invalid Parameter Path Disclosure
|
|
20883
Description:
Walla TeleSite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ts.exe (also known as ts.cgi) script not properly sanitizing user-supplied input to the 'sug' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2005-11-14
|
Walla TeleSite ts.exe sug Parameter SQL Injection
|
|
20882
Description:
Walla TeleSite contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'sug' parameter upon submission to the 'ts.exe' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2005-11-14
|
Walla TeleSite ts.exe sug Parameter XSS
|
|
20881
Description:
(Description Provided by CVE) : ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter.
|
2005-11-14
|
Walla TeleSite ts.exe tsurl Variable Arbitrary Article Access
|
|
40368
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.
|
2007-12-22
|
Wallpaper Site category.php catid Parameter SQL Injection
|
|
40369
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.
|
2007-12-22
|
Wallpaper Site editadgroup.php groupid Parameter SQL Injection
|
|
35986
Description:
Wallpaper Website contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'dlwallpaper.php' script not properly sanitizing user-supplied input to the 'wallpaperid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2006-11-24
|
Wallpaper Website dlwallpaper.php wallpaperid Parameter SQL Injection
|
|
35985
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.
|
2006-11-24
|
Wallpaper Website process.php Multiple Parameter SQL Injection
|
|
30680
Description:
(Description Provided by CVE) : SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter.
|
2006-11-23
|
Wallpaper Website wallpaper.php wallpaperid Parameter SQL Injection
|
|
73217
Description:
(Description Provided by CVE) : WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file.
|
2011-05-26
|
WalRack Unrestricted Double-extension File Upload Arbitrary PHP Code Execution
|
|
73216
Description:
(Description Provided by CVE) : Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before 2.0.6 has unknown impact and attack vectors, possibly related to file deletion and an encoded URL, a different vulnerability than CVE-2011-1329.
|
2011-06-02
|
WalRack Unspecified Issue
|
|
37187
Description:
(Description Provided by CVE) : Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.
|
2007-06-08
|
Walter Zorn wz_tooltip.js (aka wz_tooltips) Unspecified Issue
|
|
62481
Description:
WampServer contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'lang' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-02-22
|
WampServer index.php lang Parameter XSS
|
|
21867
Description:
Wandsoft e-Search contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keywords' variable. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-12-22
|
WANDSOFT e-SEARCH keywords Parameter XSS
|
|
76230
Description:
WAnewsletter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-09-23
|
WAnewsletter index.php id Parameter SQL Injection
|
|
38812
Description:
WAnewsletter contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'newsletter.php' not properly sanitizing user input supplied to the 'waroot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2007-05-28
|
WAnewsletter newsletter.php waroot Parameter Remote File Inclusion
|
|
48840
Description:
(Description Provided by CVE) : Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
|
2008-04-18
|
WANPIPE bri Restart Logic Unspecified Race Condition
|
|
14392
Description:
Unknown / Incomplete
|
2005-02-28
|
WANPIPE Unspecified PCI Related Issue
|