Searching issue software vulnerabilities

Vulnerability in man.sh CGI script, included in

Vulnerability | included | script | mansh | May | CGI |

Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands.


** DISPUTED * Microsoft Internet Security and A

Acceleration | Microsoft | Security | DISPUTED | Internet |

** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.


Unknown vulnerability in AIX before 4.0 with un

vulnerability | "security | vectors | Unknown | IY28225 | issue" | impact | before | attack | fixed | APAR | AIX | aka |

Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.


Unknown vulnerability in 3Com OfficeConnect Rem

OfficeConnect | vulnerability | Unknown | Remote | 3Com |

Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass.


Buffer overflow in the extract_one function fro

extract_one | attackers | arbitrary | function | overflow | execute | lhextc | Buffer | allow | code | long | via | LHA | may |

Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.


Unknown vulnerability in Attachment Mod before

vulnerability | Attachment | Unknown | before | Mod |

Unknown vulnerability in Attachment Mod before 2.3.13, related to a "serious issue with realnames," has unknown impact and attack vectors.


Unknown vulnerability in the login page for HP

vulnerability | Manager | Systems | Unknown | Insight | login | page |

Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability.


MySQL 5.0.18 and earlier allows local users to

MySQL |

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.


Unspecified vulnerability in the local weblog p

vulnerability | Unspecified | publisher | Nidelven | Dealer | weblog | before | local | Issue |

Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors.


Directory traversal vulnerability in admin/dele

admin/deleteuserphp | vulnerability | Directory | traversal | HitHost |

Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir.


Heap-based buffer overflow in Apple QuickTime b

Heap-based | QuickTime | arbitrary | attackers | overflow | triggers | function | ReadBMP | crafted | execute | allows | before | buffer | remote | Apple | code | file | via | BMP |

Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a separate identifier because it is a distinct issue.


index.php in Destiney Links Script 2.1.2 allows

Destiney | indexphp | Script | Links |

index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal.


Cross-site scripting (XSS) vulnerability in Jem

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector.


index.php in WordPress 2.0.3 allows remote atta

WordPress | indexphp |

index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.


CHXO Feedsplitter 2006-01-21 allows remote atta

feedsplitterphp | Feedsplitter | showsource | 2006-01-21 | attackers | function | source | allows | remote | read | CHXO | code | via |

CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified.


** DISPUTED ** PHP remote file inclusion vulne

vulnerability | inclusion | Yoshizawa | commonphp | DISPUTED | Exporia | remote | Yuuki | file | PHP |

** DISPUTED ** PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus disputes this issue, saying "further analysis reveals that the application is not vulnerable." NOTE: this issue may overlap CVE-2006-5113.


SQL injection vulnerability in the Downloads mo

viewdownloaddetails | vulnerability | arbitrary | attackers | parameter | injection | Downloads | operation | commands | versions | PostNuke | unknown | execute | module | allows | remote | SQL | via | lid |

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.


Unrestricted file upload vulnerability in the P

vulnerability | Unrestricted | tracking | Project | upload | issue | file |

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before Tuesday, January 23, 2007, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.


The project_issue_access function in the Projec

project_issue_access | tracking | function | Project | issue |

The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before Tuesday, January 23, 2007 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.


The soap extension in PHP calls php_rand_r with

mcrypt_create_iv | uninitialized | CVE-2007-2727 | php_rand_r | extension | variable | covered | unknown | vectors | related | impact | attack | issue | calls | which | soap | seed | PHP | has |

The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.


Software vulnerabilities results 1 to 20 of 958     
Page: 12345...48