report software vulnerabilities
vulnerabilities.aspcode.net
Searching report software vulnerabilities
xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.
** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the "PunkBuster Screenshot Database" and not "PunkBuster" itself; (2) there is no apparent association between PunkBuster and "Punky Brewster"; (3) the claimed source code is not anywhere in Alpha 6.
The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information.
Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values.
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).
Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.
SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.
WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. NOTE: this report is based on a vendor bug report that identified "incorrect permissions." However, the vendor did not label it a security issue, and there was no statement regarding whether or not the permissions were actually more permissive than intended. If in fact the permissions were more restrictive than intended, then this would be a functional problem but not a vulnerability.
SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE.
Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.
SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors.
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
Multiple unspecified vulnerabilities in FRISK Software F-Prot Antivirus before 4.6.7 have unspecified impact and attack vectors. NOTE: this might be related to CVE-2006-6293, but it is not clear due to the vagueness of the report.
** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report.
Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.
The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.
Software vulnerabilities results 1 to 20 of 105