[CLOSE] OSVDB ID : 28562 - Disclosed: 2005-05-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 16977 - Disclosed: 2005-05-31

Description:

(Description Provided by CVE) : Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.

[CLOSE] OSVDB ID : 45596 - Disclosed: 2005-05-31

Description:

(Description Provided by CVE) : The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".

[CLOSE] OSVDB ID : 17094 - Disclosed: 2005-05-31

Description:

Internet Explorer contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue occurs when the browser does not properly handle requests to the window() object. A remote attacker could create a malicious website that uses an onload event to initialize a window() object, which may cause Internet Explorer to crash or execute arbitrary code with the privileges of the person running it.

[CLOSE] OSVDB ID : 16954 - Disclosed: 2005-05-31

Description:

A remote overflow exists in TFTP Server 2000. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long filename or transfer-mode string, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 16955 - Disclosed: 2005-05-31

Description:

(Description Provided by CVE) : Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences.

[CLOSE] OSVDB ID : 17008 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input to multiple variables upon submission to the misc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 17009 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'datecut' or 'page' variables upon submission to the forumdisplay.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 17010 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username', 'email' or 'email2' variables upon submission to the member.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 17011 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' or 'usersearch' variables upon submission to the memberlist.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 17012 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pid' or 'tid' variables upon submission to the showthread.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 17013 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tid' variable upon submission to the printthread.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 17014 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'eid' variable in the calendar.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17015 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'pidsql' variable in the online.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17016 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'usersearch' variable in the memberlist.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17017 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'pid' variable in the editpost.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17018 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'fid' variable in the forumdisplay.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17019 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' variable in the newreply.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17020 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'sid' variable in the search.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17021 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' and 'pid' variables in the showthread.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17022 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' variable in the usercp2.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17023 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' variable in the printthread.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17024 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'pid' variable in the reputation.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17025 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'username' variable in the portal.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17026 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' variable in the polls.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 17027 - Disclosed: 2005-05-31

Description:

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' variable in the ratethread.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16953 - Disclosed: 2005-05-31

Description:

(Description Provided by CVE) : Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.

[CLOSE] OSVDB ID : 16968 - Disclosed: 2005-05-31

Description:

(Description Provided by CVE) : I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.

[CLOSE] OSVDB ID : 22838 - Disclosed: 2005-05-31

Description:

(Description Provided by CVE) : The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.

[CLOSE] OSVDB ID : 16992 - Disclosed: 2005-05-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 16913 - Disclosed: 2005-05-30

Description:

NewLife Blogger contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to an unspecified variable not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16933 - Disclosed: 2005-05-30

Description:

StrongHold 2 contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially crafted Nickname which is padded with a large number of bytes to the server. The STLport Library on the server fails to properly allocate memory, and will result in loss of availability for the application.

[CLOSE] OSVDB ID : 16936 - Disclosed: 2005-05-30

Description:

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' or 'printable' variables upon submission to the home.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16937 - Disclosed: 2005-05-30

Description:

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'productid' or 'mode' variables upon submission to the product.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16938 - Disclosed: 2005-05-30

Description:

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the error_message.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16939 - Disclosed: 2005-05-30

Description:

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'section' variable upon submission to the help.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16940 - Disclosed: 2005-05-30

Description:

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mode' variable upon submission to the orders.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16941 - Disclosed: 2005-05-30

Description:

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mode' variable upon submission to the register.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16942 - Disclosed: 2005-05-30

Description:

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mode' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16943 - Disclosed: 2005-05-30

Description:

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'gcid' or 'gcindex' variables upon submission to the giftcert.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.