| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 64431 | 2010-01-19 | ezContents CMS userinfo.php topgroupname Parameter SQL Injection | ezContents CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'userinfo.php' script not properly sanitizing user-supplied input to the 'topgroupname' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 64432 | 2010-01-19 | ezContents CMS comments.php Authentication Bypass | Unknown / Incomplete |
| 64779 | 2010-01-19 | DataLife Engine engine/inc/include/init.php selected_language Parameter Remote File Inclusion | DataLife Engine contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'engine/inc/include/init.php' script not properly sanitizing user input supplied to the 'selected_language' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 64780 | 2010-01-19 | DataLife Engine engine/inc/help.php config[langs] Parameter Remote File Inclusion | DataLife Engine contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'engine/inc/help.php' script not properly sanitizing user input supplied to the 'config[langs]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 64781 | 2010-01-19 | DataLife Engine engine/ajax/pm.php config[lang] Parameter Remote File Inclusion | DataLife Engine contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'engine/ajax/pm.php' script not properly sanitizing user input supplied to the 'config[lang]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 64782 | 2010-01-19 | DataLife Engine engine/ajax/addcomments.php _REQUEST[skin] Parameter Remote File Inclusion | DataLife Engine contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'engine/ajax/addcomments.php' script not properly sanitizing user input supplied to the '_REQUEST[skin]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 61837 | 2010-01-18 | SoftDirec library/delete_confirm.php id Parameter XSS | SoftDirec contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the 'library/delete_confirm.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61799 | 2010-01-18 | Max's Site Protector maxProtector Class showLoginForm() Method XSS | Unknown / Incomplete |
| 61800 | 2010-01-18 | FunkGallery index.php gll Parameter XSS | FunkGallery contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'gll' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61801 | 2010-01-18 | Hitmaaan Gallery index.php Multiple Parameter XSS | Hitmaaan Gallery contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'gall' and 'levela' parameters upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61808 | 2010-01-18 | Max's Image Uploader index.php File Upload Arbitrary PHP Code Execution | (Description Provided by CVE): Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information. |
| 61809 | 2010-01-18 | Alibaba Clone cat_sell.php cid Parameter SQL Injection | Alibaba Clone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'cat_sell.php' script not properly sanitizing user-supplied input to the 'cid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 61810 | 2010-01-18 | Alibaba Clone gen_confirm.php errmsg Parameter XSS | Alibaba Clone contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'errmsg' parameter upon submission to the 'gen_confirm.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61811 | 2010-01-18 | CloneBid B2B Marketplace Script selloffers.php cid Parameter SQL Injection | CloneBid B2B Marketplace Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'selloffers.php' script not properly sanitizing user-supplied input to the 'cid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 61812 | 2010-01-18 | CloneBid B2B Marketplace Script buyoffers.php cid Parameter SQL Injection | CloneBid B2B Marketplace Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'buyoffers.php' script not properly sanitizing user-supplied input to the 'cid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 61813 | 2010-01-18 | CloneBid B2B Marketplace Script products.php cid Parameter SQL Injection | CloneBid B2B Marketplace Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'products.php' script not properly sanitizing user-supplied input to the 'cid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 61814 | 2010-01-18 | CloneBid B2B Marketplace Script profiles.php cid Parameter SQL Injection | CloneBid B2B Marketplace Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'profiles.php' script not properly sanitizing user-supplied input to the 'cid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 61815 | 2010-01-18 | CloneBid B2B Marketplace Script signin.php errmsg Parameter XSS | CloneBid B2B Marketplace Script contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'errmsg' parameter upon submission to the 'signin.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61816 | 2010-01-18 | CloneBid B2B Marketplace Script gen_confirm.php errmsg Parameter XSS | CloneBid B2B Marketplace Script contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'errmsg' parameter upon submission to the 'gen_confirm.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61958 | 2010-01-18 | SAP BusinessObjects AdminTools/querybuilder/ie.jsp framework Parameter XSS | SAP BusinessObjects contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'framework' parameter upon submission to the 'AdminTools/querybuilder/ie.jsp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 62188 | 2010-01-18 | SAP BusinessObjects CmcApp/App/frameset.jsp name Parameter Arbitrary Site Redirect | Unknown / Incomplete |
| 61896 | 2010-01-18 | Bits Video Script showcasesearch.php rowptem[template] Parameter Remote File Inclusion | Bits Video Script contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'showcasesearch.php' script not properly sanitizing user input supplied to the 'rowptem[template]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 61897 | 2010-01-18 | Bits Video Script showcase2search.php rowptem[template] Parameter Remote File Inclusion | Bits Video Script contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'showcase2search.php' script not properly sanitizing user input supplied to the 'rowptem[template]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 61959 | 2010-01-18 | SAP BusinessObjects AdminTools/querybuilder/logonform.jsp framework Parameter XSS | SAP BusinessObjects contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'framework' parameter upon submission to the 'AdminTools/querybuilder/logonform.jsp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61960 | 2010-01-18 | SAP BusinessObjects CrystalReports/jsp/CrystalReport_View/viewReport.jsp loc Parameter XSS | SAP BusinessObjects contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'loc' parameter upon submission to the 'CrystalReports/jsp/CrystalReport_View/viewReport.jsp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61961 | 2010-01-18 | SAP BusinessObjects InfoViewApp/jsp/common/actionNavFrame.jsp url Parameter XSS | SAP BusinessObjects contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'url' parameter upon submission to the 'InfoViewApp/jsp/common/actionNavFrame.jsp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61962 | 2010-01-18 | SAP BusinessObjects PlatformServices/preferences.do service Parameter XSS | SAP BusinessObjects contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'service' parameter upon submission to the 'PlatformServices/preferences.do' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61963 | 2010-01-18 | SAP BusinessObjects Multiple Scripts Direct Request Information Disclosure | Unknown / Incomplete |
| 62086 | 2010-01-18 | JEvents Search Plugin for Joomla! eventsearch.php plgSearchEventsearch::onSearch() Method SQL Injection | (Description Provided by CVE): SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. |
| 62189 | 2010-01-18 | SAP BusinessObjects CrystalReports/jsp/common/progress.jsp name Parameter Arbitrary Site Redirect | Unknown / Incomplete |
| 62190 | 2010-01-18 | SAP BusinessObjects PerformanceManagement/scripts/docLoadUrl.jsp name Parameter Arbitrary Site Redirect | Unknown / Incomplete |
| 62191 | 2010-01-18 | SAP BusinessObjects PerformanceManagement/jsp/viewCrystalReport.jsp sReportMode Parameter Arbitrary Site Redirect | Unknown / Incomplete |
| 62192 | 2010-01-18 | SAP BusinessObjects PlatformServices/preferences.do service Arbitrary Site Redirect | Unknown / Incomplete |
| 62370 | 2010-01-18 | Adobe Flash Player / AIR Crafted SWF File DoS | (Description Provided by CVE): Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. |
| 63194 | 2010-01-18 | Jokes Complete Website joke.php id Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php. |
| 63195 | 2010-01-18 | Jokes Complete Website results.php searchingred Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php. |
| 64371 | 2010-01-18 | AOL CDDBControl.dll ActiveX BindToFile() Function Overflow | Unknown / Incomplete |
| 64384 | 2010-01-18 | OpenOffice.org (OOo) on Windows slk File Parsing NULL Pointer DoS | Unknown / Incomplete |
| 64386 | 2010-01-18 | Xunlei XPPlayer ActiveX Arbitrary Code Execution | Unknown / Incomplete |
| 64370 | 2010-01-18 | Kingsoft Internet Security Module ActiveX Arbitrary Code Execution | Unknown / Incomplete |