passed software vulnerabilities
vulnerabilities.aspcode.net
Searching passed software vulnerabilities
wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums.
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
Buffer overflows in GazTek ghttpd 1.4 allow a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.
viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget.
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arbitrary code on the web server, possibly via the section parameter, which is passed to an eval call.
The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program.
Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument that is passed directly to syslog.
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."
Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.
Software vulnerabilities results 1 to 20 of 47