Searching present software vulnerabilities

A Windows NT Primary Domain Controller (PDC) or

Controller | Primary | Windows | Domain |

A Windows NT Primary Domain Controller (PDC) or Backup Domain Controller (BDC) is present.


The Basic Security Module (BSM) for Solaris 2.5

Security | Module | Basic |

The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.


Microsoft Internet Explorer 5.01, 5.5 and 6.0 t

Microsoft | Explorer | Internet |

Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.


Secure Webserver 1.1 in Raptor 6.5 and Symantec

Enterprise | Webserver | Symantec | Firewall | Secure | Raptor |

Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.


Jakarta Tomcat before 3.3.1a, when used with JD

Jakarta | before | Tomcat | used | 331a | JDK |

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.


Multiple SQL injection vulnerabilities in WowBB

vulnerabilities | injection | Multiple | Forum | WowBB | SQL |

Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.


Certain patches for kpdf do not include all rel

context-dependent | vulnerabilities | CVE-2005-3627 | associated | attackers | relevant | patches | Certain | present | exploit | include | allows | which | kpdf | xpdf | were | not | all |

Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.


A third-party installer generation tool, possib

bitrock_installerlog | InstallBuilder | third-party | Process-one | generation | generates | including | installer | temporary | ejabberd | possibly | products | service | symlink | BitRock | earlier | denial | attack | allows | 111_1 | users | local | cause | tool | file | used | via |

A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.


The NeoScale Systems CryptoStor 700 series appl

CryptoStor | NeoScale | Systems |

The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.


Unspecified vulnerability in the listxattr syst

vulnerability | Unspecified | listxattr | present | service | inode" | allows | denial | system | kernel | users | cause | Linux | local | call | "bad |

Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.


** DISPUTED ** Multiple PHP remote file inclus

vulnerabilities | inclusion | Nathanial | Bookmarks | DISPUTED | Multiple | Hendler | Brandon | remote | Active | Stone | file | PHP |

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables.


Multiple eval injection vulnerabilities in iGen

vulnerabilities | parameter | injection | attackers | arbitrary | supplied | Multiple | function | iGeneric | execute | action | remote | allow | which | eval | call | Shop | code | via |

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.


slocate 3.1 does not properly manage database e

directories | protected | properly | database | entries | specify | slocate | private | allows | manage | obtain | users | local | names | files | which | does | not |

slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.


Smb4K before 0.8.0 allow local users, when pres

before | Smb4K |

Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."


Multiple stack-based buffer overflows in utilit

utilities/smb4k_*cpp | stack-based | overflows | Multiple | before | buffer | Smb4K |

Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.


PHP remote file inclusion vulnerability in comm

vulnerability | inclusion | commonphp | Download | Design | System | Hinton | remote | PHPHD | file | PHP |

PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE: this issue may be present in versions from 2006.


Unspecified vulnerability in Sun Solaris 10 bef

vulnerability | Unspecified | Solaris | before | Sun |

Unspecified vulnerability in Sun Solaris 10 before Thursday, June 14, 2007, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.


** DISPUTED ** Multiple PHP remote file inclus

vulnerabilities | inclusion | DISPUTED | Multiple | remote | file | PHP |

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7pl1 allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) ekilat.com-int.tpl.php, (2) phpreactor.org-top.tpl.php, or (3) ekilat.com-top.tpl.php in examples/. NOTE: this issue has been disputed by CVE, since the vulnerability is present only when the product is incorrectly installed by placing examples/ under the web root.


Multiple PHP remote file inclusion vulnerabilit

sl_theme_unix_path | vulnerabilities | Streamline | inclusion | parameter | arbitrary | attackers | 10-beta4 | Multiple | execute | remote | Server | Media | allow | code | file | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess Limit support.


Incomplete blacklist vulnerability in upload_im

upload_img_cgiphp | vulnerability | Incomplete | blacklist | before | Simple | Blog | PHP |

Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of Sunday, September 23, 2007. NOTE: the original Thursday, September 20, 2007 disclosure provided an incorrect filename, img_upload_cgi.php.


Software vulnerabilities results 1 to 20 of 24     
Page: 12