probably software vulnerabilities
vulnerabilities.aspcode.net
Searching probably software vulnerabilities
Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versions, sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows.
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses.
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.
Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php.
Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files.
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.
Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a "ghost game" to be left on the server.
D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.
The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables.
gfax 0.4.2, and probably other versions, creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters.
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
Software vulnerabilities results 1 to 20 of 210