| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 21439 | 2005-12-05 | Warm Links search.cgi search Parameter XSS | Warm Links contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search' variable upon submission to the 'search.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16802 | 2005-05-23 | Warrior Kings: Battles Malformed Join Packet DoS | Warrior Kings: Battles contains a flaw that may allow a remote denial of service. The issue is triggered when sending a malformed join packet, which causes the server to crash resulting in a loss of availability. |
| 16801 | 2005-05-23 | Warrior Kings: Battles Nickname Remote Format String | Warrior Kings and Warrior Kings: Battles contain a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered due to a format string error in the text visualization. With a specially crafted nickname, a remote attacker may execute arbitrary code resulting in a loss of integrity. |
| 36721 | 2007-06-22 | Warzone 2100 Resurrection Background Music File Handling Overflow | (Description Provided by CVE): Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename when setting background music. |
| 36720 | 2006-08-25 | Warzone 2100 Resurrection Multiple Unspecified Issues | Unknown / Incomplete |
| 27910 | 2006-07-23 | Warzone Resurrection multiplay.c recvTextMessage Function Overflow | (Description Provided by CVE): Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c. |
| 27911 | 2006-07-23 | Warzone Resurrection netplay.c NETrecvFile Function Overflow | (Description Provided by CVE): Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c. |
| 21288 | 2005-11-29 | WASD Web Server PerlRTE_example1.pl name Variable Format String | WASD WebServer PerlRTE_example1.pl contains a format string flaw. The issue is triggered when a user sends malicious input via format string errors in the $name variable. It is possible that the flaw may allow arbitrary code execution and/or a denial of service. |
| 40854 | 2008-01-30 | WassUp Plugin for WordPress spy.php Multiple Parameter SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php. |
| 61023 | 2009-12-15 | Watchdog Extension for TYPO3 Unspecified Information Disclosure | (Description Provided by CVE): Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. |
| 68926 | 2010-10-29 | Watcher Module for Drupal Multiple Function CSRF | Watcher Module for Drupal contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the subscribe and unsubscribe actions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 68925 | 2010-10-29 | Watcher Module for Drupal Unspecified XSS | Watcher Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 21746 | 2005-12-15 | Watchfire AppScan QA 401 HTTP Response Overflow | (Description Provided by CVE): Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field. |
| 44872 | 2008-04-25 | WatchFire AppScan Unspecified ActiveX Multiple Method Traversal Arbitrary File Overwrite | (Description Provided by CVE): Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder. |
| 5004 | 2002-07-09 | WatchGuard Firebox DVCP Malformed Packet DoS | (Description Provided by CVE): Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110. |
| 1648 | 2000-11-16 | WatchGuard Firebox II FTP/SMTP Proxy DoS | WatchGuard Firebox II contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker floods the server with FTP or SMTP requests, disabling subsequent proxy handling. |
| 1740 | 2001-01-20 | WatchGuard Firebox II Hashed Passphrase Disclosure Local Privilege Escalation | Watchguard Firebox II firewall allows users with read-only access to gain read-write access, and administrative privileges, by accessing a file that contains hashed passphrases, and using the hashes during authentication. |
| 6438 | 2001-04-05 | WatchGuard Firebox II ICMP/TCP Large Stream DoS | Watchguard Firebox II contains a flaw that may allow a remote denial of service. The issue is due to the kernel of Firebox II not properly handling malformed TCP or ICMP packets. By sending a large stream (>10,000) of malformed ICMP or TCP packets, a remote attacker can crash or reboot the system, resulting in loss of availability. |
| 1512 | 2000-08-15 | WatchGuard Firebox II Port 4100 Malformed URL Remote DoS | (Description Provided by CVE): Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100. |
| 1761 | 2001-02-14 | WatchGuard Firebox II Multiple Connection Malformed PPTP DoS | (Description Provided by CVE): Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. |
| 44218 | 2008-04-04 | WatchGuard Firebox Products PPTP VPN Service Username Enumeration | (Description Provided by CVE): The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. |
| 1863 | 2001-06-08 | WatchGuard Firebox SMTP Proxy Attachment Bypassing | (Description Provided by CVE): SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes. |
| 4401 | 2000-12-14 | WatchGuard Firebox SOHO Administrator Password Remote Reset | WatchGuard Firebox SOHO contains a flaw that may allow a remote attacker to remotely change the administrative password. The issue is due to a flaw in the authentication mechanism of the device, which allows a blank unauthenticated request to the /passcfg object. Such a request will reset the password to an empty field allowing the attacker to use any administrative options without having to provide authentication credentials. |
| 1690 | 2000-12-14 | WatchGuard Firebox SOHO Fragmented IP Packet DoS | WatchGuard Firebox SOHO contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a large number of fragmented packets, and will result in loss of availability for the firewall. |
| 4403 | 2000-12-14 | WatchGuard Firebox SOHO GET Request Overflow DoS | WatchGuard Firebox SOHO contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends an overly long GET request to the Web administration interface, and will result in loss of availability for the firewall. |
| 4407 | 2002-07-01 | WatchGuard Firebox SOHO Insecure FTP Authentication | WatchGuard Firebox SOHO contains a flaw that may allow a remote attacker to gain access to the FTP service. The issue is due to the FTP service not requiring a valid user name to log in. This allows an attacker to more easily brute force a valid password without the need of a matching account. If compromised, the firewall configuration and other sensitive information could be downloaded. |
| 4405 | 2002-04-08 | WatchGuard Firebox SOHO Invalid IP Options DoS | WatchGuard Firebox SOHO contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends IP packets with invalid IP options set which will crash the firewall resulting in a loss of availability. |
| 4406 | 2002-04-10 | WatchGuard Firebox SOHO IP Restriction Bypass | WatchGuard Firebox SOHO contains a flaw that may allow an attacker to access protected custom services. The issue is due to a nondescript flaw that causes IP restrictions for custom services to intermittently fail. |
| 4402 | 2000-12-04 | WatchGuard Firebox SOHO Multiple HTTP GET Request DoS | WatchGuard Firebox SOHO contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a large number of GET requests to the web server, and will result in loss of availability for the firewall. |
| 59954 | 2002-10-10 | WatchGuard Firebox SOHO Products PASV Command FTP Ruleset Bypass | (Description Provided by CVE): WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server. |