[CLOSE] OSVDB ID : 29819 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /ecrire/inc/connexion.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29820 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /inc/session.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29821 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /inc/classes/class.blog.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29822 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /inc/classes/class.blogcomment.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29823 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /inc/classes/class.blogpost.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29824 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /layout/append.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29825 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /layout/class.xblog.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29826 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /layout/class.xblogcomment.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29827 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /layout/class.xblogpost.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29828 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /themes/default/form.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29829 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /themes/default/list.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29830 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /themes/default/post.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29831 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /themes/default/template.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29783 - Disclosed: 2006-07-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 29784 - Disclosed: 2006-07-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 45907 - Disclosed: 2006-07-21

Description:

(Description Provided by CVE) : The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.

[CLOSE] OSVDB ID : 28678 - Disclosed: 2006-07-21

Description:

MosCom for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'tradetop.php' script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28677 - Disclosed: 2006-07-21

Description:

MicroGuestBook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' and 'comment' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 29866 - Disclosed: 2006-07-20

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

[CLOSE] OSVDB ID : 27441 - Disclosed: 2006-07-20

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 27417 - Disclosed: 2006-07-20

Description:

PlaNet concept planetGallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/gallery.php not properly sanitizing user input supplied to the _FILES['grafik']['name'][$i] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27411 - Disclosed: 2006-07-20

Description:

IDevSpot PhpHostBot contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to order/index.php not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27410 - Disclosed: 2006-07-20

Description:

PhpLinkExchange contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php script not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27450 - Disclosed: 2006-07-20

Description:

(Description Provided by CVE) : Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter.

[CLOSE] OSVDB ID : 27413 - Disclosed: 2006-07-20

Description:

Top XL contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pass' and 'pass2' variables upon submission to the add.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27414 - Disclosed: 2006-07-20

Description:

Top XL contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the /members/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 28791 - Disclosed: 2006-07-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 27442 - Disclosed: 2006-07-20

Description:

Loudblog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 27415 - Disclosed: 2006-07-20

Description:

phpFaber TopSites contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'i_cat' and 'method' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. Additionally, some parts of user input is echoed during SQL error output which may allow an attacker to conduct a cross-site scripting attack. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27230 - Disclosed: 2006-07-20

Description:

Internet Explorer contains a flaw that may allow a local denial of service. The issue is triggered when a long parameter in the CEnroll.CEnroll.2 ActiveX object's stringToBinary method is used, and will result in loss of availability for the Internet Explorer software.

[CLOSE] OSVDB ID : 27438 - Disclosed: 2006-07-20

Description:

(Description Provided by CVE) : systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.

[CLOSE] OSVDB ID : 28647 - Disclosed: 2006-07-20

Description:

iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the themes/default.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28648 - Disclosed: 2006-07-20

Description:

iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the articles.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28649 - Disclosed: 2006-07-20

Description:

iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the contact.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28650 - Disclosed: 2006-07-20

Description:

iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the displaypage.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28651 - Disclosed: 2006-07-20

Description:

iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the faq.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28652 - Disclosed: 2006-07-20

Description:

iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the mainbody.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28653 - Disclosed: 2006-07-20

Description:

iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the news.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28654 - Disclosed: 2006-07-20

Description:

iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the registration.php script not properly sanitizing user input supplied to the 'asolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28655 - Disclosed: 2006-07-20

Description:

iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the whosOnline.php script not properly sanitizing user input supplied to the 'asolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.