settings software vulnerabilities
vulnerabilities.aspcode.net
Searching settings software vulnerabilities
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability.
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.
WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings.
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.
Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.Friday, June 16, 2006 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters.
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.
Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php.
admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
Software vulnerabilities results 1 to 20 of 113