Searching processed software vulnerabilities

Bugzilla 2.10 allows remote attackers to execut

Bugzilla |

Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.


Buffer overflow in bctool in Jetico BestCrypt 0

BestCrypt | overflow | Jetico | Buffer | bctool |

Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount.


ICQ 2001a Alpha and earlier allows remote attac

application/x-icq | automatically | Content-Type | attackers | arbitrary | processed | Explorer | Internet | earlier | contact | user's | allows | remote | which | 2001a | Alpha | page | list | UINs | web | ICQ | add | via | URL |

ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.


CGIScript.net csPassword.cgi stores usernames a

passwordcgitmp | csPasswordcgi | CGIScriptnet | unencrypted | modifying | temporary | usernames | passwords | stores | which | could | allow | while | users | local | file | data |

CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.


Directory traversal vulnerability in cafenews.p

vulnerability | cafenewsphp | Directory | traversal | CARE |

Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.


csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.

csGuestbookcgi | CGISCRIPTNET | csGuestbook | attackers | arbitrary | parameter | processed | function | execute | allows | remote | which | setup | eval | Perl | code | via |

csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.


csLiveSupport.cgi in CGIScript.net csLiveSuppor

csLiveSupportcgi | csLiveSupport | CGIScriptnet | attackers | arbitrary | parameter | processed | function | execute | allows | remote | which | setup | eval | Perl | code | via |

csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.


csChatRBox.cgi in CGIScript.net csChat-R-Box al

csChatRBoxcgi | csChat-R-Box | CGIScriptnet | attackers | arbitrary | parameter | processed | function | execute | allows | remote | which | setup | eval | Perl | code | via |

csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.


csNewsPro.cgi in CGIScript.net csNews Professio

Professional | CGIScriptnet | csNewsProcgi | csNews |

csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.


Clearswift MAILsweeper 4.x allows remote attack

MIME-Version | MAILsweeper | Clearswift | attachment | detection | processed | attackers | specify | clients | remote | header | allows | bypass | which | field | mail | some | does | via | not |

Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients.


SGI IRIX 6.5.x through 6.5.20f, and possibly ea

inadvertently | membership | subsequent | /etc/group | processed | versions | possibly | through | entries | earlier | follow | cause | which | group | 6520f | IRIX | does | file | 65x | SGI | not | may | "-" |

SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently.


Buffer overflows in (1) try_netscape_proxy and

overflows | Buffer |

Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.


Format string vulnerability in HD Soft Windows

vulnerability | specifiers | attackers | arbitrary | processed | username | function | Windows | execute | earlier | Format | Server | string | allows | remote | wscanf | which | Soft | code | FTP | via |

Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function.


Buffer overflow in cgi.c in www-sql before 0.5.

overflow | www-sql | before | Buffer | cgic |

Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.


Agnitum Outpost Pro Firewall 2.1 allows remote

attackers | Firewall | service | Agnitum | Outpost | denial | allows | remote | cause | Pro |

Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough by Outpost Pro.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php.


Invision Power Board (IPB) 1.0.3 allows remote

Invision | Board | Power |

Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.


Eval injection vulnerability in the template en

vulnerability | injection | template | engine | SysCP | Eval |

Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.


Cross-site scripting (XSS) vulnerability in SqW

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.


The delegate code in ImageMagick 6.2.4.5-0.3 al

metacharacters | ImageMagick | attackers | arbitrary | processed | filename | commands | delegate | display | command | execute | 6245-03 | allows | remote | shell | code | via |

The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.


Software vulnerabilities results 1 to 20 of 87     
Page: 12345