skins software vulnerabilities
vulnerabilities.aspcode.net
Searching skins software vulnerabilities
The default installation of Ultraboard 2000 2.1
installation
|
Ultraboard
|
default
|
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
Headlight Software MyGetright prior to 1.0b all
MyGetright
|
arbitrary
|
overwrite
|
malicious
|
Headlight
|
attacker
|
Software
|
and/or
|
upload
|
remote
|
allows
|
files
|
prior
|
dld
|
10b
|
via
|
Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.
Directory traversal vulnerability in Microsoft
vulnerability
|
hex-encoded
|
characters
|
containing
|
Directory
|
arbitrary
|
attackers
|
Microsoft
|
backslash
|
traversal
|
execute
|
Windows
|
Player
|
allows
|
remote
|
Media
|
skins
|
code
|
file
|
URL
|
via
|
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
AJ-Fork 167 does not restrict access to directo
AJ-Fork
|
AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.
Lexmark X1185 printer allows local users to gai
"Appearance"
|
"Additional
|
privileges
|
navigating
|
selecting
|
Lexmark
|
printer
|
dialog
|
styles
|
allows
|
SYSTEM
|
X1185
|
local
|
users
|
gain
|
Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges.
PHP remote file inclusion vulnerability in skin
skins/advanced/advanced1php
|
vulnerability
|
Sabdrimer
|
inclusion
|
remote
|
file
|
Pro
|
PHP
|
PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter.
MediaWiki before 1.9.2 allows remote attackers
MediaWiki
|
before
|
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.
Cross-site scripting (XSS) vulnerability in ski
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
** DISPUTED ** Multiple PHP remote file inclus
vulnerabilities
|
b2evolution
|
inclusion
|
attackers
|
arbitrary
|
DISPUTED
|
Multiple
|
execute
|
remote
|
allow
|
code
|
file
|
URL
|
via
|
PHP
|
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used.
PHP remote file inclusion vulnerability in skin
skins/headerphp
|
vulnerability
|
Translation
|
inclusion
|
Engine
|
remote
|
file
|
Open
|
PHP
|
PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
Community
|
arbitrary
|
attackers
|
inclusion
|
phpChess
|
Multiple
|
Edition
|
execute
|
remote
|
allow
|
code
|
file
|
URL
|
via
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.
Unspecified vulnerability in Microsoft Windows
vulnerability
|
Unspecified
|
arbitrary
|
attackers
|
Microsoft
|
execute
|
Windows
|
remote
|
Player
|
allows
|
Media
|
skin
|
file
|
code
|
via
|
Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins."
Microsoft Windows Media Player 7.1, 9, 10, and
attackers
|
arbitrary
|
Microsoft
|
Windows
|
execute
|
Player
|
allows
|
remote
|
Media
|
skin
|
file
|
code
|
via
|
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."
Software vulnerabilities results 1 to 14 of 14
Page:
1