Searching change software vulnerabilities

pcnfsd (aka rpc.pcnfsd) allows local users to c

pcnfsd |

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.


DPEC Online Courseware allows an attacker to ch

Courseware | password | attacker | original | another | knowing | without | user's | Online | allows | change | DPEC |

DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.


Phorum 3.0.7 allows remote attackers to change

Phorum |

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.


Vulnerability in TrendMicro Virus Control Syste

configuration | Vulnerability | TrendMicro | attacker | Control | program | certain | System | change | remote | allows | Virus | files | view | CGI | via |

Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program.


Web Messaging Server for Ipswitch IMail 7.04 an

Messaging | Ipswitch | Server | IMail | Web |

Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.


Directory traversal vulnerability in chuid 1.2

vulnerability | attackers | ownership | Directory | traversal | outside | earlier | upload | change | allows | remote | chuid | files | via |

Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack.


chuid 1.2 and earlier does not properly verify

attackers | ownership | properly | changed | earlier | remote | allows | change | verify | users | other | owned | chuid | files | which | such | root | does | not |

chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root.


Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled

Domino | Lotus |

Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.


comersus_gatewayPayPal.asp in Comersus Cart 5.0

comersus_gatewayPayPalasp | Comersus | Cart |

comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.


Unknown local vulnerability in the "change user

vulnerability | Astashonok | feature | "change | Unknown | Fprobe | Slava | local | user" |

Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors.


The change password functionality in Bottomline

functionality | authenticated | Application | Bottomline | passwords | Webseries | password | require | Payment | remote | users' | change | could | allow | which | users | enter | other | does | not | old | new |

The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.


Linksys WET11 1.5.4 allows remote attackers to

Linksys | WET11 |

Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.


SQL injection vulnerability in the SYS.DBMS_CDC

SYSDBMS_CDC_IPUBLISHCREATE_SCN_CHANGE_SET | CHANGE_SET_NAME | vulnerability | attackers | arbitrary | injection | parameter | procedure | commands | Database | execute | Server | Oracle | remote | allows | via | SQL | 10g |

SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.


phpcart.php in PHPCart 3.2 allows remote attack

information | phpcartphp | attackers | modifying | product | PHPCart | allows | remote | change | price |

phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters.


Directory traversal vulnerability in Amaxus 3 a

vulnerability | arbitrary | attackers | sequences | parameter | traversal | Directory | earlier | change | Amaxus | remote | allows | access | files | via |

Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter.


settings.php in Reamday Enterprises Magic News

Enterprises | settingsphp | Reamday | Magic | Plus | News |

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.


links.asp in aspWebLinks 2.0 allows remote atta

txtAdministrativePassword | administrative | aspWebLinks | attackers | password | modified | possibly | linksasp | request | allows | direct | change | remote | field | via |

links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.


Multiple unspecified vulnerabilities in Oracle

vulnerabilities | unspecified | Database | Multiple | Oracle |

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of Wednesday, July 19, 2006, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER.


Mantis before 1.1.0a2 does not implement per-it

implement | per-item | control | History | access | Mantis | before | Issue | 110a2 | does | not |

Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.


member.php in MyBB (aka MyBulletinBoard), when

memberphp | MyBB |

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.


Software vulnerabilities results 1 to 20 of 164     
Page: 12345...9