Searching show software vulnerabilities

The on-line help system options in Cisco router

non-privileged | information | sensitive | "enabled" | without | routers | command | options | on-line | access | obtain | system | allows | Cisco | users | show | help | via |

The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.


Directory traversal vulnerability in cosmicpro.

vulnerability | cosmicprocgi | information | Cosmicperl | sensitive | traversal | Directory | attacker | allows | remote | gain | via | Pro |

Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attacker to gain sensitive information via a .. (dot dot) in the SHOW parameter.


CDRDAO 1.1.4 and 1.1.5 allows local users to re

CDRDAO |

CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command.


phpimageview.php in PHPImageView 1.0 allows rem

phpimageviewphp | PHPImageView | information | sensitive | attackers | function | pw=show | invokes | phpinfo | obtain | allows | remote | option | which | via |

phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain sensitive information via the pw=show option, which invokes the phpinfo function.


Directory traversal vulnerability in index.php

vulnerability | parameter | arbitrary | attackers | traversal | Directory | indexphp | pathname | remote | Portal | allows | Aprox | files | show | full | read | via | PHP |

Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.


Cross-site scripting (XSS) vulnerability in (1)

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.


SQL injection vulnerability in the show_stats m

vulnerability | IbProArcade | show_stats | Arcadephp | arbitrary | parameter | injection | attackers | execute | gameid | module | allows | remote | code | SQL | via |

SQL injection vulnerability in the show_stats module in Arcade.php in IbProArcade allows remote attackers to execute arbitrary SQL code via the gameid parameter.


index.php in PHP Links allows remote attackers

information | sensitive | attackers | parameter | indexphp | invalid | message | reveals | allows | remote | which | Links | error | path | full | show | gain | PHP | via |

index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message.


PHP remote file inclusion vulnerability in Cute

vulnerability | inclusion | CuteNews | remote | file | PHP |

PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.


Directory traversal vulnerability in user.cgi i

vulnerability | parameter | attackers | arbitrary | SurgeLDAP | traversal | Directory | usercgi | command | earlier | remote | allows | files | read | page | show | 10g | via |

Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.


SQL injection vulnerability in dl-search.php in

vulnerability | dl-searchphp | injection | PostNuke | SQL |

SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.


SQL injection vulnerability in index.php for Li

vulnerability | Squirrelcart | Lighthouse | arbitrary | injection | attackers | indexphp | commands | execute | allows | remote | via | SQL |

SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action.


show_news.php in CuteNews 1.3.6 allows remote a

show_newsphp | CuteNews |

show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter.


SQL injection vulnerability in the Downloads mo

dl-viewdownloadphp | administrators | vulnerability | arbitrary | 0760-RC4b | injection | Downloads | parameter | PostNuke | commands | execute | module | allows | show | SQL | via |

SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php.


Directory traversal vulnerability in CuteNews 1

vulnerability | traversal | Directory | CuteNews |

Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.


SQL injection vulnerability in index.php in Mar

vulnerability | attackers | arbitrary | injection | parameter | indexphp | commands | earlier | execute | Marwel | allows | remote | show | SQL | via |

SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.


Cross-site scripting (XSS) vulnerability in sho

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.


Multiple SQL injection vulnerabilities in Enthu

vulnerabilities | Enthusiast | attackers | arbitrary | injection | parameter | Multiple | commands | execute | remote | allow | SQL | cat | via |

Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.


Software vulnerabilities results 1 to 20 of 113     
Page: 123456