all software vulnerabilities
vulnerabilities.aspcode.net
Searching all software vulnerabilities
A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.
Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command.
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.
ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.
The Linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.
SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent.
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or hijack the SSL session.
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1915. Reason: This candidate is a duplicate of CVE-2005-1915. Notes: All CVE users should reference CVE-2005-1915 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess.
getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the versions of all installed scripts, which allows remote attackers to obtain sensitive information via a direct request.
WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.
PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.
Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors.
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293.
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
Software vulnerabilities results 1 to 20 of 175