[CLOSE] OSVDB ID : 19940 - Disclosed: 2005-10-06

Description:

Utopia News Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sitetitle' variable upon submission to the 'header.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19941 - Disclosed: 2005-10-06

Description:

Utopia News Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'version' and 'query_count' variables upon submission to the 'footer.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19942 - Disclosed: 2005-10-06

Description:

Utopia News Pro contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'news.php' script not properly sanitizing user-supplied input to the 'newsid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19935 - Disclosed: 2005-10-01

Description:

myBloggie contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input beginning with a null character to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19885 - Disclosed: 2005-09-29

Description:

Lucid CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login form script not properly sanitizing user-supplied input to the 'login' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19718 - Disclosed: 2005-09-28

Description:

PHP-Fusion contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'messages.php' script not properly sanitizing user-supplied input to the 'msg_send' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19679 - Disclosed: 2005-09-24

Description:

Mailgust contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the password reminder page not properly sanitizing user-supplied input to the email field. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19650 - Disclosed: 2005-09-22

Description:

My Little Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'search' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19666 - Disclosed: 2005-09-22

Description:

phpMyFAQ contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the password.php script not properly sanitizing user-supplied input to the user: field. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19667 - Disclosed: 2005-09-22

Description:

phpMyFAQ contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'PMF_CONF[version]' variable upon submission to the footer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19668 - Disclosed: 2005-09-22

Description:

phpMyFAQ contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'PMF_LANG[metaLanguage]' variable upon submission to the header.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19669 - Disclosed: 2005-09-22

Description:

phpMyFAQ contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'LANGCODE' variable.

[CLOSE] OSVDB ID : 19670 - Disclosed: 2005-09-22

Description:

phpMyFAQ contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests a log file from the /data/ directory occurs, which will disclose user information and other log entries resulting in a loss of confidentiality. This attack requires the attacker to supply a file name based on the date.

[CLOSE] OSVDB ID : 19671 - Disclosed: 2005-09-22

Description:

phpMyFAQ contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides an invalid file to the LANGCODE variable of index.php, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 19672 - Disclosed: 2005-09-22

Description:

phpMyFAQ contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered when an attacker sends a crafted User Agent field with PHP code. Once injected, subsequent commands to a script such as index.php can be called to execute arbitrary commands.

[CLOSE] OSVDB ID : 19673 - Disclosed: 2005-09-22

Description:

phpMyFAQ contains a flaw that allows a remote attacker to execute arbitrary PHP scripts outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'LANGCODE' variable. Note: Script requests must be made without a file extension, as the system will append ".php" by default.

[CLOSE] OSVDB ID : 19523 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the txt.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'current_dir' variable.

[CLOSE] OSVDB ID : 19524 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the htm.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'current_dir' variable.

[CLOSE] OSVDB ID : 19525 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the html.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'current_dir' variable.

[CLOSE] OSVDB ID : 19526 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that allows a remote attacker to access arbitrary zip files outside of the web path. The issue is due to the zip.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'current_dir' variable.

[CLOSE] OSVDB ID : 19527 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that may allow a malicious user to include arbitrary HTML content from remote sites. The issue is triggered when an attacker requests the htm.php script but supplies remote HTML content to the 'current_dir' variable. It is possible that the flaw may allow a remote user to manipulate site content.

[CLOSE] OSVDB ID : 19528 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that may allow a malicious user to include arbitrary HTML content from remote sites. The issue is triggered when an attacker requests the html.php script but supplies remote HTML content to the 'current_dir' variable. It is possible that the flaw may allow a remote user to manipulate site content.

[CLOSE] OSVDB ID : 19529 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker directly requests a user file (/users/[name]), which will disclose the encrypted password hash for that user resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 19530 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that may allow a malicious authenticated user to execute arbitrary commands. The issue is triggered by uploading a file with a .inc extension, which is not blocked or sanitized by the system. After uploading, it is possible to directly call the script which will be executed under the privileges as the web server.

[CLOSE] OSVDB ID : 19531 - Disclosed: 2005-09-20

Description:

By default, PHP Advanced Transfer Manager installs with a default password. The 'admin' account has a password of 'test' which is publicly known and documented. This allows attackers to trivially access the program or system.

[CLOSE] OSVDB ID : 19532 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker directly requests the test.php script, which will disclose various configuration settings and system information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 19533 - Disclosed: 2005-09-20

Description:

PHP Advanced Transfer Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'font', 'normalfontcolor' or 'mess' variables upon submission to the txt.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19478 - Disclosed: 2005-09-17

Description:

CuteNews contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the flood protection code in /inc/shows.inc.php not properly sanitizing user input supplied to the HTTP_CLIENT_IP variable. This may allow an attacker to supply a specially crafted header value and inject arbitrary strings into the /data/flood.db.php file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 19460 - Disclosed: 2005-09-15

Description:

Digital Scribe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19411 - Disclosed: 2005-09-14

Description:

ATutor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the password_reminder.php script not properly sanitizing user-supplied input to the 'email' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19239 - Disclosed: 2005-09-07

Description:

Unclassified NewsBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "Description" variable when posting a message. This could allow a user to inject arbitrary HTML and script code that would execute in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19353 - Disclosed: 2005-09-05

Description:

phpCommunityCalendar contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'login' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19354 - Disclosed: 2005-09-05

Description:

phpCommunityCalendar contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'week.php' script not properly sanitizing user-supplied input to the 'LocationID' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19356 - Disclosed: 2005-09-05

Description:

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input in multiple fields when adding an event. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19357 - Disclosed: 2005-09-05

Description:

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'LocationID' variable upon submission to the 'thankyou.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19358 - Disclosed: 2005-09-05

Description:

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'font' and 'LocationID' variables upon submission to the 'day.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19359 - Disclosed: 2005-09-05

Description:

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'font', 'CeTi', 'Contact', 'Description' and 'ShowAddress' variables upon submission to the 'event.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19360 - Disclosed: 2005-09-05

Description:

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'font' variable upon submission to the 'week.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19361 - Disclosed: 2005-09-05

Description:

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'font' variable upon submission to the 'calDaily.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19362 - Disclosed: 2005-09-05

Description:

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'font' variable upon submission to the 'calWeekly.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.