[CLOSE] OSVDB ID : 26850 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.

[CLOSE] OSVDB ID : 26851 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.

[CLOSE] OSVDB ID : 26852 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.

[CLOSE] OSVDB ID : 26826 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

[CLOSE] OSVDB ID : 26842 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.

[CLOSE] OSVDB ID : 26843 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.

[CLOSE] OSVDB ID : 26844 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.

[CLOSE] OSVDB ID : 26845 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php.

[CLOSE] OSVDB ID : 26846 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php.

[CLOSE] OSVDB ID : 26847 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php.

[CLOSE] OSVDB ID : 26830 - Disclosed: 2006-06-22

Description:

aeDating contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'Sex' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26831 - Disclosed: 2006-06-22

Description:

aeDating contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'ProfileType' variable upon submission to the 'join_form.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26832 - Disclosed: 2006-06-22

Description:

aeDating contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'Email' variable upon submission to the 'forgot.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26786 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

[CLOSE] OSVDB ID : 26781 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.

[CLOSE] OSVDB ID : 27202 - Disclosed: 2006-06-22

Description:

W-Agora contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the insert.php script not properly sanitizing user input before being called by other scripts. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27584 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.

[CLOSE] OSVDB ID : 26808 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript".

[CLOSE] OSVDB ID : 26783 - Disclosed: 2006-06-22

Description:

YaBB SE contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'profile.php' script not properly sanitizing user-supplied input to the 'user' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 26782 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters.

[CLOSE] OSVDB ID : 26805 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

[CLOSE] OSVDB ID : 26799 - Disclosed: 2006-06-22

Description:

A remote overflow exists in RealNetworks Helix DNA Server . The Helix DNA Server fails to handle RTSP requests with a malformed 'User-Agent' header resulting in a heap overflow. With a specially crafted request, an attacker may be able to execute arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 26800 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".

[CLOSE] OSVDB ID : 26793 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.

[CLOSE] OSVDB ID : 26794 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.

[CLOSE] OSVDB ID : 26795 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.

[CLOSE] OSVDB ID : 26796 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.

[CLOSE] OSVDB ID : 26797 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.

[CLOSE] OSVDB ID : 28288 - Disclosed: 2006-06-22

Description:

A local overflow has been reported in MySQL. The Instance Manager fails to properly sanitize input to the Instance_options::complete_initialization function resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code. MySQL developers have stated that this is "only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation", so this does not cross security boundaries and is not a vulnerability.

[CLOSE] OSVDB ID : 26787 - Disclosed: 2006-06-22

Description:

(Description Provided by CVE) : Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended.

[CLOSE] OSVDB ID : 35676 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'preload.php' script not properly sanitizing user input supplied to the 'func_prog' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35677 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input supplied to the 'func_prog' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35680 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_mods/missing.php' script not properly sanitizing user input supplied to the 'header_prog' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35681 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_mods/email.php' script not properly sanitizing user input supplied to the 'header_prog' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35682 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_mods/files.php' script not properly sanitizing user input supplied to the 'header_prog' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35683 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_mods/headlines.php' script not properly sanitizing user input supplied to the 'header_prog' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35684 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_mods/search.php' script not properly sanitizing user input supplied to the 'header_prog' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35685 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_mods/topics.php' script not properly sanitizing user input supplied to the 'header_prog' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35686 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_mods/users.php' script not properly sanitizing user input supplied to the 'header_prog' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35687 - Disclosed: 2006-06-22

Description:

Harpia contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_inc/footer.php' script not properly sanitizing user input supplied to the 'theme_root' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.