side software vulnerabilities
vulnerabilities.aspcode.net
Searching side software vulnerabilities
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file.
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.
Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.
The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value.
SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server.
Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware allow remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.
boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message.
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague.
The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.
Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.
PHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter.
Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
Software vulnerabilities results 1 to 20 of 29