Searching reported software vulnerabilities

Buffer overflows in Microsoft SQL Server 7.0 an

Microsoft | overflows | Server | Buffer | SQL |

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.


Directory traversal vulnerability in GoAhead We

vulnerability | attackers | arbitrary | traversal | Directory | GoAhead | encoded | remote | Server | allows | files | read | Web | URL | via |

Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.


The design of the Internet Key Exchange (IKE) p

Exchange | Internet | design | Key |

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.


LCC-Win32 3.2 compiler, when running on Windows

information | previously | LCC-Win32 | sensitive | attackers | compiler | portions | Windows | running | import | writes | memory | allow | could | after | table | which | used | gain |

LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application.


Cisco IOS 12.2 and earlier generates a "% Login

Cisco | IOS |

Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.


HelpViewer in Mac OS X 10.3.3 and 10.2.8 proces

HelpViewer | Mac |

HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.


Phorum allows remote attackers to hijack sessio

phorum_uriauth | demonstrated | profilephp | replaying | parameter | attackers | stealing | sessions | session | hijack | remote | allows | Phorum | using | users | other | hash |

Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.


SQL injection vulnerability in IP3 Networks Net

authentication | vulnerability | NetAccess | Appliance | attackers | injection | firmware | Networks | 3118b13 | remote | bypass | before | allows | via | SQL | IP3 |

SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34.


chat.ghp in Easy Chat Server 1.2 allows remote

attackers | service | chatghp | remote | denial | Server | allows | cause | Easy | Chat |

chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.


Buffer overflow in ArGoSoft FTP Server 1.4.2.8

ArGoSoft | overflow | Server | Buffer | FTP |

Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.


PHP remote file inclusion vulnerability in Czar

vulnerability | inclusion | attackers | parameter | arbitrary | CzarNews | execute | allows | remote | tpath | code | 113b | file | PHP | via |

PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.


Multiple SQL injection vulnerabilities in show.

vulnerabilities | injection | arbitrary | attackers | commands | BirthSys | variable | Multiple | execute | showphp | $month | remote | allow | SQL | via |

Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error.


SQL injection vulnerability in pages.asp in Min

vulnerability | injection | Mini-Nuke | pagesasp | System | CMS | SQL |

SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.


PHP remote file inclusion vulnerability in arch

vulnerability | archivephp | Fantastic | inclusion | remote | News | file | PHP |

PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable.


PHP 4.4.2 and 5.1.2 allows local users to cause

PHP |

PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.


PHP remote file inclusion vulnerability in conf

vulnerability | phpListPro | returnpath | configphp | attackers | arbitrary | inclusion | parameter | execute | earlier | remote | allows | code | file | PHP | via |

PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.


Cross-site scripting (XSS) vulnerability in qto

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php.


Rigter Portal System (RPS) 1.0, 2.0, and 3.0 al

System | Portal | Rigter |

Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely.


Buffer overflow in kern/uipc_mbuf2.c in OpenBSD

kern/uipc_mbuf2c | fragmented | "incorrect | attackers | arbitrary | packets" | overflow | handling | packets | OpenBSD | execute | Buffer | allows | remote | ICMP6 | mbuf | code | IPv6 | due | via |

Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.


FTPDMIN 0.96 allows remote attackers to cause a

FTPDMIN |

FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument.


Software vulnerabilities results 1 to 20 of 120     
Page: 12345...7