Searching meta server software vulnerabilities

Unknown vulnerability in Allaire JRun 3.1 allow

vulnerability | directories | JavaServer | attackers | arbitrary | directly | META-INF | WEB-INF | execute | Unknown | Allaire | access | remote | allows | Pages | JRun |

Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.


config_inc2.php in Mantis before 0.17.4 allows

config_inc2php | before | Mantis |

config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.


Cross-site scripting vulnerability AOL Instant

vulnerability | Cross-site | Messenger | scripting | Instant | AOL |

Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.


Multiple stack-based buffer overflows in the IC

stack-based | overflows | Protocol | routines | Multiple | Analysis | parsing | buffer | Module | ISS | ICQ |

Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.


Internet Explorer 6 allows remote attackers to

attackers | Explorer | Internet | service | denial | allows | remote | cause |

Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.


phpMyAdmin 2.6.1 allows remote attackers to obt

phpMyAdmin |

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.


Cross-site scripting (XSS) vulnerability in sub

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "ta" and "ript>".


admin.php in QualityEBiz Quality PPC (QPPC) 1.0

QualityEBiz | adminphp | Quality | PPC |

admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | attackers | arbitrary | Multiple | execute | earlier | remote | allow | Csaba | Godor | SAPID | code | file | Blog | Beta | URL | via | PHP |

Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.


Cross-site scripting (XSS) vulnerability in Cis

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.


Buffer overflow in the meta_read_flac function

meta_read_flac | meta_decoderc | Aqualung | function | overflow | earlier | 09beta5 | Buffer | CVS |

Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file.


The child frames in Microsoft Internet Explorer

Content-Type | cross-site | specified | scripting | attackers | Microsoft | Explorer | Internet | conduct | default | inherit | charset | allows | frames | remote | header | parent | window | child | which | META | HTTP | not | tag |

The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.


The child frames in Opera 9 before 9.20 inherit

before | frames | child | Opera |

The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.


PHP remote file inclusion vulnerability in MOD_

MOD_forum_fields_parsephp | phpbb_root_path | vulnerability | parameter | attackers | inclusion | arbitrary | picture | execute | allows | module | remote | Forum | phpBB | code | file | tags | META | PHP | via | URL |

PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.


The safevoid_vsnprintf function in Metamod-P 1.

safevoid_vsnprintf | attackers | Metamod-P | function | service | Windows | earlier | 119p29 | denial | remote | allows | cause |

The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.


Unspecified vulnerability in Default.aspx in Po

vulnerability | manipulation" | Defaultaspx | Unspecified | Set-cookie | HTTP-EQUIV | expression | parameter | attackers | possibly | fixation | "cookie | related | unknown | session | allows | remote | impact | Podium | META | have | via | CMS |

Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).


A certain admin script in Inout Meta Search Eng

admin/create_enginephp | admin/generate_tabsphp | administrative | demonstrated | credentials | arbitrary | attackers | redirect | followed | missing | certain | request | browser | inject | remote | allows | Engine | Search | script | Inout | admin | sends | which | code | does | Meta | exit | not | PHP | web | but |

A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the the META tag.


Cross-site scripting (XSS) vulnerability in May

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data.


Software vulnerabilities results 1 to 20 of 2971     
Page: 12345...149