Searching authenticated software vulnerabilities

INDEXU 2.0 beta and earlier allows remote attac

cookie_admin_authenticated | authentication | privileges | attackers | earlier | setting | cookie | allows | INDEXU | remote | bypass | value | gain | beta |

INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1.


ws_mail.cgi in WebStore 400/400CS 4.14 allows r

ws_mailcgi | 400/400CS | WebStore |

ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.


Directory traversal vulnerability in InstantSer

InstantServers | vulnerability | MiniPortal | Directory | traversal |

Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command.


Buffer overflow in CWMail.exe in NetWin before

authenticated | parameter | arbitrary | CWMailexe | overflow | execute | Buffer | remote | NetWin | before | allows | users | long | item | code | 28a | via |

Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter.


Directory traversal vulnerability in boilerplat

boilerplateasp | vulnerability | authenticated | arbitrary | traversal | Directory | remote | Citrix | allows | files | NFuse | users | read | via |

Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.


Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled

Domino | Lotus |

Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.


Format string vulnerability in log.c in rssh be

vulnerability | before | Format | string | rssh | logc |

Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.


Scalable OGo (SOGo) 1.0 allows remote authentic

Scalable | OGo |

Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users.


sendpm.php in PBLang 4.63 allows remote authent

sendpmphp | PBLang |

sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.


delpm.php in PBLang 4.63 allows remote authenti

delpmphp | PBLang |

delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters.


lukemftpd in Mac OS X 10.3.9 allows remote auth

lukemftpd | Mac |

lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name.


BisonFTP Server V4R1 allows remote authenticate

authenticated | argument | BisonFTP | invalid | service | command | denial | Server | allows | remote | users | cause | V4R1 | long | via |

BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.


wzdftpd 0.5.4 allows remote authenticated users

wzdftpd |

wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.


nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allo

before | nuauth | NuFW | 10x |

nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets.


Unspecified vulnerability in Oracle Pharmaceuti

Pharmaceutical | vulnerability | Applications | Unspecified | Oracle |

Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01.


maketorrent.php in TorrentFlux 2.2 allows remot

metacharacters | maketorrentphp | authenticated | TorrentFlux | arbitrary | commands | execute | remote | allows | shell | users | via |

maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.


mycontacts.php in V3 Chat allows remote authent

authenticated | mycontactsphp | membername | privileges | parameter | modified | allows | remote | other | users | Chat | gain | via |

mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.


Firebird 1.5 allows remote authenticated users

authenticated | permissions | overwrite | Firebird | creating | database | without | remote | SYSDBA | allows | owner | users |

Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.


The SOAP webservice in vtiger CRM before 5.0.3

webservice | before | vtiger | SOAP | CRM |

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.


Unspecified vulnerability in Webmin before 1.37

vulnerability | Unspecified | before | Webmin |

Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.


Software vulnerabilities results 1 to 20 of 808     
Page: 12345...41