Searching publisher software vulnerabilities

Buffer overflow in Web Publisher in iPlanet Web

Enterprise | attackers | arbitrary | Publisher | possibly | overflow | execute | service | earlier | request | iPlanet | Edition | Buffer | denial | allows | Server | remote | cause | long | code | URI | Web | via |

Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.


iPlanet Web Server Enterprise Edition and Netsc

Authentication | wp-force-auth | Enterprise | attackers | detection | Publisher | distinct | provides | guessing | password | Netscape | conduct | command | iPlanet | without | Edition | vector | allows | remote | easier | attack | Server | brute | force | Basic | which | make | HTTP | via | Web | may |

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.


Cross-site scripting vulnerability (XSS) in (1)

vulnerability | Cross-site | scripting |

Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL.


askSam Web Publisher 1.0 and 4.0 allows remote

determine | attackers | generates | directory | Publisher | request | reveals | message | askSam | allows | remote | exist | which | error | does | full | root | path | file | Web | not | via |

askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.


The publisher handler for mod_python 2.7.8 and

mod_python | publisher | handler |

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.


Cross-site scripting (XSS) vulnerability in bro

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter.


Multiple SQL injection vulnerabilities in index

vulnerabilities | injection | Publisher | indexphp | Multiple | NeLogic | Nephp | SQL |

Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters.


Stack-based buffer overflow in Microsoft Publis

Stack-based | Microsoft | Publisher | overflow | buffer |

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.


Unspecified vulnerability in the local weblog p

vulnerability | Unspecified | publisher | Nidelven | Dealer | weblog | before | local | Issue |

Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm.


UPOINT @1 Event Publisher stores sensitive info

eventpublishertxt | insufifcient | information | sensitive | Publisher | attackers | document | comments | request | control | private | allows | direct | remote | stores | UPOINT | access | under | which | Event | root | read | web | via |

UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt.


Cross-site scripting (XSS) vulnerability in tab

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.


SQL injection vulnerability in category.php in

vulnerability | categoryphp | Publisher | injection | Article | Pro | SQL |

SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter.


Cross-site scripting (XSS) vulnerability in new

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.


SQL injection vulnerability in bpg/publications

bpg/publications_listasp | Publisher//Pro | vulnerability | BPG-InfoTech | Publisher | injection | Smart | Easy | SQL |

SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.


Multiple SQL injection vulnerabilities in categ

vulnerabilities | categoriesasp | Publisher | arbitrary | attackers | injection | Multiple | commands | execute | remote | gNews | allow | via | SQL |

Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.


Cross-site scripting (XSS) vulnerability in art

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.


SQL injection vulnerability in articles.asp in

vulnerability | articlesasp | Expinionnet | injection | iNews | SQL |

SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The original report was for News Manager, but there is strong evidence that the correct product is Publisher.


PUBCONV.DLL in Microsoft Office Publisher 2007

PUBCONVDLL | Publisher | Microsoft | Office |

PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".


Software vulnerabilities results 1 to 20 of 24     
Page: 12