stating software vulnerabilities
vulnerabilities.aspcode.net
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating "No invalid input can reach the script."
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.
** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."
** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer."
** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet Explorer 7.0 Beta3.
** DISPUTED ** SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried."
** DISPUTED ** Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version".
** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
** DISPUTED ** SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL error.
SQL injection vulnerability in EasyPage allows remote attackers to execute arbitrary SQL commands via unspecified vectors in sptrees/default.aspx, possibly involving the docId parameter. NOTE: this issue appears to have been disputed by a third party researcher, stating that SQL injection is not possible. However, insufficient details were provided to evaluate the dispute.
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used.
** DISPUTED ** Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly."
** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database.
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php.
** DISPUTED ** PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use.
** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly.
** DISPUTED ** PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured.
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use.
PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0."
PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem."
Software vulnerabilities results 1 to 20 of 70