operation software vulnerabilities

Searching operation software vulnerabilities

dbmlparser.exe CGI guestbook program does not p

dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files.

ctrlpacket.c in PoPToP PPTP server before 1.1.4

ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.

autohtml.php in php-proxima 6.0 and earlier all

autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation.

admin.php in Newsletter ZWS allows remote attac

admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.

FreeRADIUS before 1.0.1 allows remote attackers

FreeRADIUS | before |

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

Integer overflow on Apple QuickTime before 6.5.

Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation.

Buffer overflow in the strexpand function in st

Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to execute arbitrary code via a crafted message that is not properly handled during a Reply operation.

SQL injection vulnerability in SalesLogix 6.1 a

SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.

passwd 0.68 does not check the return code for

passwd |

passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.

myServer 0.7.1 allows remote attackers to cause

myServer |

myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html.

Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.

Firefox before 1.0 and Mozilla before 1.7.5 all

Mozilla | Firefox | before |

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.

CRLF injection vulnerability in users.php in Si

CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.

Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation.

Mac OS X 10.3.9, when using an LDAP server that

Mac |

Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext.

Buffer overflow in Convert-UUlib (Convert::UUli

Convert-UUlib | overflow | Buffer |

Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.

Soldier of Fortune II 1.02x and 1.03 allows rem

Fortune | Soldier | 102x |

Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.

Cross-site scripting (XSS) vulnerability in Fla

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.

Directory traversal vulnerability in index.php

Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation.

Multiple SQL injection vulnerabilities in mod.p

Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.

Software vulnerabilities results 1 to 20 of 103

Page: 12 3 4 5 6 ►

operation software vulnerabilities

vulnerabilities.aspcode.net

Searching operation software vulnerabilities