Searching quote software vulnerabilities

The default configuration of McAfee VirusScan 4

configuration | "commonexe" | improperly | ImagePath | VirusScan | variable | program | default | search | allows | Trojan | McAfee | place | users | horse | quote | which | local | does | sets | path | not |

The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.


Vignette Story Server 4.1 and 6.0 allows remote

information | attackers | sensitive | Vignette | contains | request | number | allows | remote | Server | obtain | large | Story | '"' | via |

Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and and '>' characters, which causes the TCL interpreter to crash and include stack data in the output.


Cross-site scripting vulnerability in GoAhead W

vulnerability | Cross-site | generates | attackers | scripting | execute | message | GoAhead | found" | script | allows | Server | remote | quote | which | other | users | does | "404 | Web | URL | not | via |

Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.


Cross-site scripting vulnerability in Splatt Fo

vulnerability | Cross-site | attackers | arbitrary | scripting | followed | execute | closing | script | allows | Splatt | remote | [img] | quote | other | Forum | users | via | tag |

Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script.


post_message_form.asp in Web Wiz Forums 6.34 th

post_message_formasp | Forums | Wiz | Web |

post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.


Cross-site scripting (XSS) vulnerability in Sna

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.


SQL injection vulnerability in post.php for YaB

vulnerability | injection | postphp | YaBB | SQL |

SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.


MySQL before 4.0.20 allows remote attackers to

before | MySQL |

MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.


Buffer overflow in the remove_quote function in

remove_quote | html2hdml | convertc | function | overflow | Buffer |

Buffer overflow in the remove_quote function in convert.c for html2hdml 1.0.3 allows remote attackers to execute arbitrary code via a crafted HTML file.


wget 1.8.x and 1.9.x does not filter or quote c

characters | displaying | responses | arbitrary | sequences | malicious | terminal | servers | execute | control | remote | escape | inject | filter | quote | allow | which | HTTP | does | code | wget | 18x | 19x | may | not | web |

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.


Format string vulnerability in QNX 6.1 FTP clie

vulnerability | authenticated | specifiers | privileges | command | remote | Format | string | client | allows | QUOTE | group | users | gain | QNX | FTP | bin | via |

Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command.


SQL injection vulnerability in gb_new.inc in Si

vulnerability | guestbookphp | attackers | arbitrary | parameter | gb_newinc | injection | commands | execute | allows | SimpGB | remote | quote | SQL | via |

SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php.


Directory traversal vulnerability in Golden FTP

vulnerability | traversal | Directory | server | Golden | pro | FTP |

Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (forward slash dot dot) with a leading '"' (double quote) in the GET command.


The sql_escape_string function in auth/sql.c fo

sql_escape_string | authentication | mailutils | auth/sqlc | function | properly | module | quote | does | "\" | not | SQL |

The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.


shop_display_products.php in Naxtor Shopping Ca

shop_display_productsphp | information | attackers | sensitive | Shopping | allows | Naxtor | cat_id | remote | obtain | Cart | "'" | via |

shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability.


index.php in ECW-Shop 6.0.2 allows remote attac

ECW-Shop | indexphp |

index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability.


Buffer overflow in the mail_valid_net_parse_wor

mail_valid_net_parse_work | Washington's | function | overflow | Server | Buffer | mailc | IMAP |

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.


index.php in VUBB alpha rc1 allows remote attac

installation | application | attackers | parameter | viewforum | indexphp | single | action | remote | allows | obtain | quote | alpha | path | VUBB | rc1 | via | set |

index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote (').


SQL injection vulnerability in search.asp in Di

vulnerability | authenticated | Digitizing | arbitrary | parameter | injection | searchasp | commands | ordernum | Ordering | execute | allows | System | remote | Quote | users | SQL | via |

SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.


index.php in Nwom topsites 3.0 allows remote at

potentially | information | attackers | sensitive | topsites | indexphp | remote | allows | obtain | Nwom | via |

index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.


Software vulnerabilities results 1 to 20 of 71     
Page: 1234