[CLOSE] OSVDB ID : 31144 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to ViewServerPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31145 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to WelcomeEmailPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31146 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to RegistrarModule.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31147 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to SolidStateModule.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31148 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to authorizeaim.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31149 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to AAIMConfigPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31184 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the AccountsPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31185 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the AddInvoicePage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31186 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the AddIPAddressPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31187 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the AddPaymentPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31188 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the AddTaxRulePage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31189 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the AssignDomainPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31190 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the AssignHostingPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31191 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the AssignProductPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31192 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the BillingPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31193 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the BillingPaymentPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31194 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the BrowseAccountsPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31195 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the BrowseInvoicesPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31196 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ConfigureEditUserPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31197 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ConfigureNewUserPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31198 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ConfigureNewUserReceiptPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31199 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ConfigureUsersPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31200 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the DeleteAccountPage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31201 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the DeleteDomainServicePage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31202 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the DeleteHostingServicePage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31203 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the DeleteInvoicePage.class.php script not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28038 - Disclosed: 2006-08-20

Description:

SportsPHool contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'includes/layout/plain.footer.php' not properly sanitizing user input supplied to the 'mainnav' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28044 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to includes.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28045 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to tag_utils/divtag_utils.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28046 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to tag_utils/form_utils.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28047 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to tag_utils/html_utils.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28048 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to tag_utils/localinc.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28049 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to widgets/FooterNav.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28050 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to HTMLPageClass.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28051 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to widgets/InfoTable.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28052 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to widgets/localinc.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28053 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to NavTable.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28054 - Disclosed: 2006-08-20

Description:

NES Game & NES System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to TextNav.php not properly sanitizing user input supplied to the 'phphtmllib' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28282 - Disclosed: 2006-08-20

Description:

Shadows Rising RPG contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to '/core/includes/smarty.inc.php', '/qcms/includes/smarty.inc.php' and '/qlib/smarty.inc.php' scripts not properly sanitizing user input supplied to the 'CONFIG[gameroot]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28283 - Disclosed: 2006-08-20

Description:

Shadows Rising contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to '/core/includes/security.inc.php' not properly sanitizing user input supplied to the 'CONFIG[gameroot]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.