Searching mh profile software vulnerabilities

FTP Explorer uses weak encryption for storing t

encryption | password | username | Explorer | profile | storing | sites | uses | weak | FTP |

FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.


FTP service in Alcatel OmniPCX 4400 allows the

Alcatel | OmniPCX | service | FTP |

FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.


Buffer overflow in inc mail utility for Compaq

environment | Tru64/OSF1 | arbitrary | overflow | variable | execute | utility | Buffer | Compaq | allows | local | users | long | mail | code | inc | via |

Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.


SQL injection vulnerability in Gender MOD 1.1.3

vulnerability | injection | Gender | MOD | SQL |

SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.


The pfexec function for Sun Solaris 8 and 9 doe

privileges | additional | exec_attr | profiles | contains | database | properly | function | commands | invalid | execute | profile | Solaris | rights | pfexec | handle | custom | users | local | which | entry | allow | does | Sun | may | not |

The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.


ADP Elite System Max 9000 allows remote authent

System | Elite | Max | ADP |

ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory.


CoolForum 0.8.1 beta and earlier allows remote

CoolForum |

CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message.


Cisco IOS 12.2T, 12.3 and 12.3T, when processin

Cisco | 122T | IOS |

Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations.


Unknown vulnerability in sCssBoard 1.11 and ear

vulnerability | sCssBoard | Unknown |

Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page."


Musicmatch 10.00.2047 and earlier store log fil

Musicmatch |

Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information.


Buffer overflow in the Microsoft Color Manageme

Management | attackers | arbitrary | Microsoft | overflow | crafted | execute | profile | Windows | format | Buffer | allows | Module | remote | Color | image | tags | code | via | ICC |

Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.


Hummingbird FTP for Connectivity 10.0 uses weak

Connectivity | Hummingbird | FTP |

Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.


Cross-site scripting (XSS) vulnerability in Mar

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.


myprofile.asp in Enthrallweb eCoupons does not

authenticated | myprofileasp | MM_recordId | Enthrallweb | specifying | parameter | account's | username | properly | modified | eCoupons | validate | account | another | certain | updates | profile | remote | during | fields | modify | allows | which | users | does | not |

myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.


myprofile.asp in Enthrallweb eNews does not pro

authenticated | myprofileasp | MM_recordId | Enthrallweb | specifying | parameter | account's | modified | username | validate | properly | account | another | certain | updates | profile | during | fields | remote | allows | modify | eNews | which | users | does | not |

myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.


myprofile.asp in Enthrallweb eClassifieds does

authenticated | eClassifieds | myprofileasp | MM_recordId | Enthrallweb | specifying | parameter | account's | properly | username | modified | validate | account | another | certain | updates | profile | remote | during | fields | modify | allows | which | users | does | not |

myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.


WebAPP before 0.9.9.5 allows remote Guest users

before | WebAPP |

WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.


Unspecified vulnerability in MH Software Connec

vulnerability | Unspecified | Software | Connect | before | Daily |

Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.


Software vulnerabilities results 1 to 20 of 106     
Page: 123456