analysis software vulnerabilities
vulnerabilities.aspcode.net
Searching analysis software vulnerabilities
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request.
SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure analysis of CVE-2006-0110; the details are obtained solely from third party information.
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command.
base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes".
Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition.
stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set.
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.
Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897.
Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allow remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set.
PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or script.
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information.
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root.
** DISPUTED ** PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE analysis as of Wednesday, August 16, 2006 was inconclusive.
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of Tuesday, August 29, 2006 has not identified any scenarios in which these vectors could result in remote file inclusion.
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.
Software vulnerabilities results 1 to 20 of 65