Some random vulnerability records on file

Default configuration in Matt Wright FormHandle

reply_message_attach | FormHandlercgi | configuration | attachments | directories | attachment | directory | arbitrary | attackers | restricts | parameter | Default | allows | access | Wright | remote | script | /etc/ | which | files | read | used | only | Matt | via |

Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.


MidiCart PHP 1 allows remote attackers to (1) u

attackers | MidiCart | allows | remote | PHP |

MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.


Buffer overflow in axspawn.c in Axspawn-pam bef

Axspawn-pam | arbitrary | attackers | axspawnc | overflow | packets | execute | Buffer | allows | remote | before | large | code | 021a | via |

Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets.


Buffer overflow in the uudecoding feature for A

uudecoding | overflow | feature | Acrobat | Buffer | Reader | Adobe |

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.


Buffer overflow in ncplogin in ncpfs before 2.2

overflow | ncplogin | Buffer | before | ncpfs |

Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.


Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.

Viewcatphp |

Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message.


PHP remote file inclusion vulnerability in main

vulnerability | include_dir | arbitrary | inclusion | parameter | attackers | osTicket | execute | mainphp | allows | remote | file | code | via | PHP |

PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.


Apple Mac OS X 10.4.x up to 10.4.1 sets insecur

Apple | 104x | Mac |

Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."


Multiple interpretation error in unspecified ve

interpretation | unspecified | executable | specially | corrupted | Antivirus | attackers | detection | malicious | malformed | BitZipper | products | rejected | PowerZip | Multiple | versions | crafted | AntiVir | headers | central | though | allows | Winzip | bypass | opened | remote | Winrar | which | virus | still | local | error | such | even | they | file | can | RAR | via |

Multiple interpretation error in unspecified versions of AntiVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.


SQL injection vulnerability in chat.php in MWCh

vulnerability | injection | parameter | attackers | arbitrary | username | commands | chatphp | execute | remote | allows | MWChat | via | SQL |

SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter.