Searching operations software vulnerabilities

KDE file manager (kfm) uses a TCP server for ce

manager | file | KDE |

KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.


PHP-Nuke 5.x allows remote attackers to perform

operations | arbitrary | modifying | attackers | PHP-Nuke | "prefix" | variable | calling | scripts | already | perform | prefix | allows | remote | define | SQL | any | not |

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.


Directory traversal vulnerability in IBM alphaW

vulnerability | alphaWorks | Directory | traversal | server | TFTP | Java | IBM |

Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.


TWIG 2.6.2 and earlier allows remote attackers

TWIG |

TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.


Certain operations in Linux kernel before 2.2.1

operations | Certain | kernel | before | Linux |

Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."


The d_path function in Linux kernel 2.2.20 and

function | kernel | d_path | Linux |

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.


PVote before 1.9 does not authenticate users fo

authenticate | restricted | parameters | operations | attackers | modifying | remote | allows | before | delete | polls | users | PVote | which | does | add | not |

PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.


Entrust Authority Security Manager (EASM) 6.0 d

Authority | Security | Manager | Entrust |

Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.


Multiple SQL injection vulnerabilities in CARE

vulnerabilities | injection | Multiple | CARE | SQL |

Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.


The Image Upload capability for ezContents 1.40

capability | ezContents | Upload | Image |

The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded.


SQL injection vulnerabilities in FUDforum befor

vulnerabilities | injection | FUDforum | before | SQL |

SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.


Mantis 0.17.5 and earlier stores its database p

Mantis |

Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.


Multiple SQL injection vulnerabilities in the (

vulnerabilities | injection | Multiple | SQL |

Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.


Unknown vulnerability in the SG_IO functionalit

functionality | vulnerability | unauthorized | operations | read-only | Unknown | perform | access | bypass | ide-cd | allows | erase | write | SG_IO | local | users |

Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.


Webseries Payment Application does not properly

authenticated | Application | operations | privileged | privileges | Webseries | accessing | directly | properly | restrict | certain | Payment | allows | remote | which | users | does | URLs | gain | not |

Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.


Backup Manager 0.5.8a creates temporary files i

unauthorized | operations | insecurely | temporary | conduct | burning | Manager | creates | allows | Backup | files | which | local | users | user | file | 058a | CDR |

Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR.


A rule file in module-assistant before 0.9.10 c

module-assistant | before | rule | file |

A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations.


StoreBackup before 1.19 allows local users to p

StoreBackup | before |

StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.


The Bluetooth stack in the Plantronic Headset d

Non-pairable | unauthorized | operations | Plantronic | implement | Bluetooth | attackers | properly | Headset | pair-up | conduct | remote | allows | stack | which | does | mode | not |

The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations.


Directory traversal vulnerability in Widcomm Bl

vulnerability | Bluetooth | Directory | traversal | Windows | Widcomm |

Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter.


Software vulnerabilities results 1 to 20 of 104     
Page: 123456