reg software vulnerabilities
vulnerabilities.aspcode.net
Searching reg software vulnerabilities
Greymatter 1.21c and earlier with the Bookmarkl
gmrightclick-*reg
|
administrative
|
administrator
|
Bookmarklet
|
Greymatter
|
privileges
|
retrieving
|
attackers
|
cleartext
|
performs
|
contains
|
guessing
|
password
|
enabled
|
feature
|
earlier
|
"Clear
|
remote
|
server
|
before
|
action
|
allows
|
which
|
Exit"
|
121c
|
read
|
file
|
name
|
gain
|
then
|
web
|
Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.
The code for writing reg files in Samba before
writing
|
before
|
Samba
|
files
|
code
|
reg
|
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
** DISPUTED ** NOTE: this issue has been dispu
DISPUTED
|
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."
Cross-site scripting (XSS) vulnerability in Fla
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow remote attackers to inject arbitrary web script or HTML via the (1) forename, (2) surname, (3) reg_email, (4) email_conf, (5) company, (6) city, (7) postcode, or (8) telephone parameters to site/scripts/register.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
** DISPUTED ** Multiple SQL injection vulnerab
vulnerabilities
|
injection
|
DISPUTED
|
Invision
|
Multiple
|
Power
|
Board
|
SQL
|
** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run."
The RFC_SET_REG_SERVER_PROPERTY function in the
RFC_SET_REG_SERVER_PROPERTY
|
function
|
Library
|
RFC
|
SAP
|
The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before Tuesday, January 09, 2007 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
Software vulnerabilities results 1 to 8 of 8
Page:
1