base qry mainphp software vulnerabilities
vulnerabilities.aspcode.net
Searching base qry mainphp software vulnerabilities
aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script.
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.
SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.
global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter.
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.
SQL injection vulnerability in base_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and Basic Analysis and Security Engine (BASE) 1.2 allows remote attackers to execute arbitrary SQL commands via the sig[1] parameter.
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.
base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes".
Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.
Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php.
Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php.
** DISPUTED ** PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant.
Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7.
** DISPUTED ** PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before use.
Software vulnerabilities results 1 to 20 of 110