Searching kcms configure software vulnerabilities

The Motorola CableRouter allows any remote user

CableRouter | configure | Motorola | connect | router | allows | remote | user | port | any |

The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.


By design, the "established" command on the Cis

administrators | "established" | functionality | restrictive | connections | alternative | understand | configure | arbitrary | intended | firewall | controls | already | allowed | conduit | command | access | allows | target | design | Cisco | cause | ports | which | they | than | host | been | less | not | has | one | PIX | can |

By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.


The "Configure Your Server" tool in Microsoft 2

"Configure | Microsoft | Server" | Your | tool |

The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.


configure for Dsniff 2.3, fragroute 1.2, and fr

fragrouter | downloaded | configure | monkeyorg | fragroute | Dsniff | May |

configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when downloaded from monkey.org on May 17, 2002, has been modified to contain a backdoor, which allows remote attackers to access the system.


The logging feature in kcms_configure in the KC

kcms_configure | KCS_ClogFile | arbitrary | versions | possibly | corrupt | symlink | feature | logging | package | Solaris | attack | allows | other | files | users | local | KCMS | file | via |

The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.


Mason before 1.0.0 does not install the init sc

before | Mason |

Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot.


Unspecified vulnerability in System Communicati

Communications | Administrator | vulnerability | Unspecified | Messaging | attackers | Top-Level | Delegated | Services | allows | obtain | remote | 2005Q1 | System | Server | Java | Sun |

Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif.


Adobe Macromedia MX 2004 products, Captivate, C

Macromedia | Adobe |

Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.


NCP Network Communication Secure Client 8.11 Bu

Communication | Network | Secure | Client | NCP |

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow.


opiepasswd in One-Time Passwords in Everything

Everything | opiepasswd | Passwords | One-Time |

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before Wednesday, March 22, 2006 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.


PlaNet Concept plaNetStat 20050127 allows remot

plaNetStat | Concept | PlaNet |

PlaNet Concept plaNetStat Thursday, January 27, 2005 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page.


GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "

GNOME | GDM |

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.


Eval injection vulnerability in the configure s

vulnerability | configure | injection | script | TWiki | Eval |

Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".


Cisco Clean Access (CCA) 3.6.x through 3.6.4.2

Access | Clean | Cisco |

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.


Unspecified vulnerability in kcms_calibrate in

kcms_calibrate | vulnerability | Unspecified | Solaris | before | Sun |

Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before Thursday, November 22, 2007 allows local users to execute arbitrary commands via unknown vectors.


Static code injection vulnerability in admin/se

admin/settingsphp | vulnerability | injection | Dynamic | Portal | System | Static | code | Net |

Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[].


Software vulnerabilities results 1 to 18 of 18     
Page: 1