| OSVDB ID | Disclosure Date | Title |
|---|
|
53652
Description:
Multiple X Engine Soft products contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Admin Login Page not properly sanitizing user-supplied input to the 'USERNAME' and 'PASSWORD' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-04-13
|
X Engine Soft Multiple Products Admin Login Page Multiple Parameter SQL Injection
|
|
34405
Description:
(Description Provided by CVE) : Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.
|
2007-03-21
|
X MultiMedia System (xmms) Skin Bitmap Image Crafted Header Memory Corruption
|
|
34406
Description:
(Description Provided by CVE) : Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
|
2007-03-21
|
X MultiMedia System (xmms) Skin Bitmap Image Crafted Header Overflow
|
|
57740
Description:
Unknown / Incomplete
|
1990-07-20
|
X Windows -L Linked Binary Relative Path Handling Local Privilege Escalation
|
|
5856
Description:
The X Window System contains a flaw that may allow a remote attacker to access arbitrary X sessions. The problem is that the system rand() function, used to generate MIT-MAGIC-COOKIE-1 keys when DES is not available, is weak on some systems. It is possible that the flaw may allow to obtain passwords and/or execute commands resulting in a loss of confidentiality and/or integrity.
|
1995-11-02
|
X Windows Magic Cookie Prediction Command Execution
|
|
39250
Description:
Unknown / Incomplete
|
2006-10-06
|
X Windows Unspecified HTML Processing DoS
|
|
57730
Description:
Unknown / Incomplete
|
1990-03-09
|
X Windows xterm Emulator Escape Sequence Handling Remote Privilege Escalation
|
|
38977
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.
|
2007-09-11
|
X-Cart admin/auth.php xcart_dir Parameter Remote File Inclusion
|
|
3810
Description:
X-Cart contains a flaw that may lead to an unauthorized information disclosure. The problem is that the "auth.php" script does not validate user-supplied input to the "shop_closed_file" variable. With a specially crafted URL request a remote attacker could view any file on the Web server resulting in a loss of confidentiality.
|
2004-02-03
|
X-Cart auth.php Arbitrary File Retrieval
|
|
38972
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.
|
2007-09-11
|
X-Cart config.php xcart_dir Parameter Remote File Inclusion
|
|
58885
Description:
X-Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'email' parameters upon submission to the 'customer/home.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-10-06
|
X-Cart customer/home.php email Parameter XSS
|
|
38975
Description:
X-Cart contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to product.php not properly sanitizing user input supplied to the 'xcart_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2007-09-11
|
X-Cart customer/product.php xcart_dir Parameter Remote File Inclusion
|
|
3811
Description:
X-Cart contains a flaw that may lead to an unauthorized information disclosure. The problem is that the "general.php" script does not validate user-supplied input to the "mode" variable. With a specially crafted URL request a remote attacker could reveal the installation path resulting in a loss of confidentiality.
|
2004-02-03
|
X-Cart general.php Information Disclosure
|
|
3808
Description:
X-Cart contains a flaw that may allow a remote attacker to execute arbitrary commands. The problem is that the 'general.php' script does not validate user-supplied input to the "perl_binary" variable. With a specially crafted URL request a remote attacker could execute arbitrary commands with the privileges of the Web server resulting in a loss of integrity.
|
2004-02-03
|
X-Cart general.php perl_binary Parameter Arbitrary Command Execution
|
|
16946
Description:
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the error_message.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
2005-05-30
|
X-Cart Gold error_message.php id Parameter SQL Injection
|
|
16938
Description:
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the error_message.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-05-30
|
X-Cart Gold error_message.php id Parameter XSS
|
|
16951
Description:
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'gcid' and 'gcindex' variables in the giftcert.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
2005-05-30
|
X-Cart Gold giftcert.php Multiple Parameter SQL Injection
|
|
16943
Description:
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'gcid' or 'gcindex' variables upon submission to the giftcert.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-05-30
|
X-Cart Gold giftcert.php Multiple Parameter XSS
|
|
16947
Description:
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'section' variable in the help.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
2005-05-30
|
X-Cart Gold help.php section Parameter SQL Injection
|
|
16939
Description:
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'section' variable upon submission to the help.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-05-30
|
X-Cart Gold help.php section Parameter XSS
|
|
16944
Description:
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'cat' and 'printable' variables in the home.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
2005-05-30
|
X-Cart Gold home.php Multiple Parameter SQL Injection
|
|
16936
Description:
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' or 'printable' variables upon submission to the home.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-05-30
|
X-Cart Gold home.php Multiple Parameter XSS
|
|
16948
Description:
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the orders.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
2005-05-30
|
X-Cart Gold orders.php mode Parameter SQL Injection
|
|
16940
Description:
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mode' variable upon submission to the orders.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-05-30
|
X-Cart Gold orders.php mode Parameter XSS
|
|
16945
Description:
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'productid' and 'mode' variables in the product.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
2005-05-30
|
X-Cart Gold product.php Multiple Parameter SQL Injection
|
|
16937
Description:
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'productid' or 'mode' variables upon submission to the product.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-05-30
|
X-Cart Gold product.php Multiple Parameter XSS
|
|
16949
Description:
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the register.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
2005-05-30
|
X-Cart Gold register.php mode Parameter SQL Injection
|
|
16941
Description:
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mode' variable upon submission to the register.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-05-30
|
X-Cart Gold register.php mode Parameter XSS
|
|
16950
Description:
X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the search.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
2005-05-30
|
X-Cart Gold search.php mode Parameter SQL Injection
|
|
16942
Description:
X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mode' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-05-30
|
X-Cart Gold search.php mode Parameter XSS
|
