Searching special software vulnerabilities

Windows NT 4.0 SP 6a allows a local user with w

winnt/system32 | service | Windows | access | allows | denial | cause | local | write | user |

Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.


The glob functionality in ProFTPD 1.2.1, and po

functionality | ProFTPD | glob |

The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.


Multiple buffer overflows in Novell iChain 2.1

overflows | attackers | Multiple | service | denial | before | buffer | Novell | iChain | cause | Field | Patch | allow |

Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login."


Internet Explorer 6 on Double Byte Character Se

Character | Explorer | Internet | Double | Byte | Set |

Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."


Apache for Apple Mac OS X 10.2.8 and 10.3.6 all

Apache | Apple | Mac |

Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.


viewtopic.php in phpBB 2.x before 2.0.11 improp

viewtopicphp | before | phpBB |

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.


Gadu-Gadu 6.1 build 156 allows remote attackers

Gadu-Gadu | build |

Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.


Buffer overflow in the Web Client service in Mi

Microsoft | overflow | service | Windows | Server | Buffer | Client | Web |

Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.


Cross-site scripting (XSS) vulnerability in SqW

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.


fusermount in FUSE before 2.4.1, if installed s

fusermount | before | FUSE |

fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.


Group.pm in Metadot Portal Server 6.4.4 and ear

Metadot | Grouppm | Server | Portal |

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.


RockLiffe MailSite HTTP Mail management agent (

management | RockLiffe | MailSite | agent | HTTP | Mail |

RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as "|".


Unspecified vulnerability in IBM WebSphere Appl

vulnerability | Application | Unspecified | WebSphere | Server | IBM |

Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this item for?") and (2) special (aka "Special Instructions") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php.


IBM WebSphere Application Server (WAS) 5.0 thro

Application | WebSphere | Server | IBM |

IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."


lib/modules.inc in LDAP Account Manager (LAM) b

lib/modulesinc | Account | Manager | LDAP |

lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).


Cross-site scripting (XSS) vulnerability in aut

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<".


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | config[pathMod] | inclusion | attackers | arbitrary | parameter | Multiple | indexphp | execute | earlier | remote | PMECMS | allow | file | code | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/.


Unspecified vulnerability in the strfreectty fu

vulnerability | strfreectty | Unspecified | function | Special | System | File |

Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.


SQL injection vulnerability in start.php in Web

Webace-Linkscript | vulnerability | injection | startphp | SQL |

SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action.


Software vulnerabilities results 1 to 20 of 34     
Page: 12