Searching sas base software vulnerabilities

aaa_base in SuSE Linux 6.3, and cron.daily in e

incorrectly | interpreted | arbitrary | crondaily | directory | creating | versions | aaa_base | earlier | include | expired | deletes | delete | spaces | allow | local | users | Linux | files | whose | which | names | /tmp | then | SuSE |

aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.


Cisco AP340 base station produces predictable T

predictable | produces | Sequence | Initial | Numbers | station | Cisco | AP340 | base | TCP |

Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.


Buffer overflow in (1) sastcpd in SAS/Base 8.0

overflow | Buffer |

Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.


sastcpd in SAS/Base 8.0 allows local users to e

environment | reference | arbitrary | malicious | executed | authprog | SAS/Base | variable | program | execute | sastcpd | setting | allows | which | users | local | code | then |

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.


sastcpd in SAS/Base 8.0 might allow local users

segmentation | environment | privileges | netencralg | variable | SAS/Base | setting | sastcpd | causes | fault | which | local | users | might | allow | gain |

sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.


Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x

Firewall | Cisco | PIX |

Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.


S-PLUS 6.0 allows local users to overwrite arbi

privileges | overwrite | arbitrary | possibly | elevate | symlink | S-PLUS | attack | allows | users | local | files | via |

S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html.


PHP remote file inclusion vulnerability in affi

vulnerability | inclusion | affichphp | Gemitel | remote | file | PHP |

PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.


SQL injection vulnerability in kb.php in the Kn

vulnerability | information | attackers | sensitive | Knowledge | injection | parameter | commands | execute | obtain | module | allows | remote | kbphp | phpBB | Base | SQL | cat | via |

SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.


global.php in YaPiG 0.92b allows remote attacke

attackers | arbitrary | globalphp | parameter | BASE_DIR | include | allows | remote | YaPiG | files | local | 092b | via |

global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter.


SQL injection vulnerability in base_qry_main.ph

base_qry_mainphp | vulnerability | Intrusion | Databases | injection | Analysis | Console | SQL |

SQL injection vulnerability in base_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and Basic Analysis and Security Engine (BASE) 1.2 allows remote attackers to execute arbitrary SQL commands via the sig[1] parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.


SQL injection vulnerability in search.php in At

vulnerability | AtlantisFAQ | Knowledge | searchphp | injection | Software | Base | SQL |

SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.


base_maintenance.php in Basic Analysis and Secu

base_maintenancephp | Security | Analysis | Engine | Basic |

base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes".


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.


PHP remote file inclusion vulnerability in stat

MyGamingLadder | vulnerability | attackers | parameter | dir[base] | arbitrary | inclusion | statsphp | execute | remote | allows | code | file | PHP | via | URL |

PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter.


PHP remote file inclusion vulnerability in Basi

vulnerability | inclusion | Analysis | Security | Engine | remote | Basic | file | PHP |

PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.


** DISPUTED ** PHP remote file inclusion vulne

libraries/amfphp/amf-core/custom/CachedGatewayphp | vulnerability | AMFPHP_BASE | parameter | inclusion | attackers | arbitrary | DISPUTED | execute | remote | allows | Adobe | code | file | via | PHP | SDK |

** DISPUTED ** PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant.


Unspecified vulnerability in Peanut Knowledge B

vulnerability | Unspecified | Knowledge | Peanut | Base |

Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.


** DISPUTED ** PHP remote file inclusion vulne

myIpacNG-stats | vulnerability | inclusion | DISPUTED | initphp | remote | Tkotz | file | Jens | PHP |

** DISPUTED ** PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before use.


Software vulnerabilities results 1 to 20 of 106     
Page: 123456