Searching profile software vulnerabilities


FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.


msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.


FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.


SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.


The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.


ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory.


Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations.


Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page."


Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information.


Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.


Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges.


SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action.


Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE.


profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.


Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.


myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.


myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.


myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.


cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927.


WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.


Software vulnerabilities results 1 to 20 of 103     