Searching plus software vulnerabilities

tac_plus Tacacs+ daemon F4.0.4.alpha, originall

world-readable | permissions | originally | maintained | accounting | sensitive | directive | F404alpha | writable | tac_plus | Tacacs+ | creates | allows | access | modify | daemon | files | Cisco | which | local | users |

tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files.


PowerChute plus 5.0.2 creates a "Pwrchute" dire

PowerChute | plus |

PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory.


The DeviceIoControl function in the TrueVector

DeviceIoControl | TrueVector | function | Driver | Device |

The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").


The Smc.exe process in My Firewall Plus 5.0 bui

Firewall | process | Smcexe | build | Plus |

The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges.


ISQL*Plus in Oracle 10g Application Server allo

Application | ISQL*Plus | arbitrary | attackers | parameter | absolute | pathname | loaduix | execute | Server | Oracle | script | allows | remote | files | file | via | 10g |

ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.


Buffer overflow in the PopUp Plus 2.0.3.8 plugi

overflow | Buffer | PopUp | Plus |

Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code.


SQL injection vulnerability in out.php in CJ Ul

vulnerability | injection | outphp | Ultra | SQL |

SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter.


Heap-based buffer overflow in the Admin Plus Pa

Heap-based | overflow | through | VERITAS | buffer | Backup | Option | Admin | Exec | Plus | Pack |

Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.


iSQL*Plus (isqlplus) for Oracle9i Database Serv

iSQL*Plus |

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.


3Com Baseline Switch 2848-SFP Plus Model #3C164

2848-SFP | firmware | #3C16486 | Baseline | before | Switch | Model | 3Com | Plus |

3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.


My Firewall Plus 5.0 Build 1119 does not verify

Firewall | Build | Plus |

My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.


PassGo SSO Plus 2.1.0.32, and probably earlier

PassGo | Plus | SSO |

PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs.


SQL injection vulnerability in admin/admin_acro

admin/admin_acronymsphp | vulnerability | injection | Acronym | Mod | SQL |

SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.


Format string vulnerability in the log creation

vulnerability | functionality | Professional | BitDefender | creation | Client | Format | string | Plus | log |

Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.


PHP remote file inclusion vulnerability in prev

vulnerability | previewphp | inclusion | remote | Magic | News | file | Plus | PHP |

PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.


Cross-site scripting (XSS) vulnerability in Mag

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.


Cross-site scripting (XSS) vulnerability in cp/

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter.


Cross-site scripting (XSS) vulnerability in RM

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.


SQL injection vulnerability in store_info.php i

vulnerability | store_infophp | Classifieds | arbitrary | attackers | injection | parameter | commands | execute | SoftBiz | allows | remote | PLUS | SQL | via |

SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.


Software vulnerabilities results 1 to 20 of 57     
Page: 123