| OSVDB ID | Disclosure Date | Title |
|---|
|
15464
Description:
A remote overflow exists in Windows. Internet Explorer improperly validates long URLs resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-04-12
|
Microsoft IE wininet.dll Long Hostname Heap Corruption Code Execution
|
|
6710
Description:
PHP contains a flaw that may allow a malicious user to bypass security restriction. The issue is due to an input validation error in the escapeshellcmd() routine. The escapeshellcmd() routine fails to filter the characters "%|>", allowing a remote attacker to access environment variables, redirect output and execute arbitrary commands. The flaw will result in a loss of confidentiality and integrity.
|
2004-06-07
|
PHP escapeshellcmd() Security Bypass
|
|
6737
Description:
PHP contains a flaw that may allow a malicious user to bypass security restriction. The issue is due to input validation error in the escapeshellarg() routine. The escapeshellarg() routine fails to filter the characters "%", allowing a remote attacker to access environment variables. The flaw will result in a loss of confidentiality and integrity.
|
2004-06-07
|
PHP escapeshellarg() Security Bypass
|
|
5783
Description:
Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the ssienv.shtml script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-05-04
|
Sambar Server ssienv.shtml XSS
|
|
5543
Description:
Netscape Messenger contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when malicious link invoked from message contains "document.referrer" property, which will disclose user's login, mailbox location and installation path information resulting in a loss of confidentiality.
|
2004-04-08
|
Netscape Messenger document.referrer Information Disclosure
|
|
5780
Description:
Sambar Server contains a flaw that may allow a malicious user to circumvent proxy access restrictions. The issue is triggered when a specially crafted HTTP/1.1 request is used by an attacker. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity, and/or availability.
|
2003-09-25
|
Sambar Server Proxy IP Filter Bypass
|
|
5781
Description:
Sambar Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a specially-crafted request containing a valid device name is sent to the server. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
|
2003-09-25
|
Sambar Server DOS Device Name Code Execution
|
|
5782
Description:
Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "price" variable upon submission to the "mortgage.pl" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-09-25
|
Sambar Server mortgage.pl price Parameter XSS
|
|
5784
Description:
Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the dumpenv.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-09-25
|
Sambar Server dumpenv.pl XSS
|
|
5785
Description:
Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate email variables upon submission to the book.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-09-25
|
Sambar Server book.pl E-mail Field XSS
|
|
9547
Description:
Mirabilis ICQLite contains a flaw that may allow a malicious local user to overwrite or delete files in the ICQLite folder. The issue exists because ICQLite adds the Interactive Users group with Full Control to the ACL of the ICQLite program folder. It is possible that the flaw may result in a loss of integrity.
|
2003-05-29
|
Mirabilis ICQLite Home Directory Permission Weakness Privilege Escalation
|
|
8101
Description:
UnZip contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when an archived file contains double dot (..) sequences in the file name, which could allow a malicious user to overwrite arbitrary files on the system resulting in a loss of integrity.
|
2001-07-02
|
UnZip Double Dot Arbitrary File Overwrite
|
|
8102
Description:
UnZip contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when an archived file contains single slash ('/') sequences in the file name, which could allow a malicious user to overwrite arbitrary files on the system resulting in a loss of integrity.
|
2001-07-02
|
UnZip Single Slash Arbitrary File Overwrite
|
