Searching table software vulnerabilities

The permissions for a system-critical NIS+ tabl

system-critical | permissions | table | NIS+ |

The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate.


Solaris Solstice AdminSuite (AdminSuite) 2.1 us

AdminSuite | Solstice | Solaris |

Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.


wwwthreads does not properly cleanse numeric da

privileges | wwwthreads | attackers | properly | queries | numeric | cleanse | forums | allows | remote | passed | names | table | which | gain | does | data | SQL | not |

wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums.


Hughes Technology Mini SQL 2.0.10 through 2.0.1

Technology | Hughes | Mini | SQL |

Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.


icqateimg32.dll parsing/rendering library in Mi

parsing/rendering | icqateimg32dll | attackers | malformed | Mirabilis | library | service | contain | headers | denial | GIF89a | allows | remote | 2003a | cause | ICQ | GCT | not | via | Pro |

icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.


mshtml.dll in Microsoft Internet Explorer 6.0.2

Microsoft | mshtmldll | Explorer | Internet |

mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.


MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.

before | MySQL |

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.


Apple Safari 1.0 through 1.2.3 allows remote at

through | Safari | Apple |

Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.


Multiple cross-site scripting vulnerabilities i

vulnerabilities | cross-site | arbitrary | attackers | ASPRunner | scripting | Multiple | script | inject | remote | allow | HTML | via | web |

Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.


Unknown "overflow" in the phpgw_config table fo

phpgw_config | phpGroupWare | "overflow" | Unknown | before | table |

Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.


Unknown vulnerability in gnubiff 1.2.0 and earl

vulnerability | gnubiff | Unknown |

Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.


xpdf and kpdf do not properly validate the "loc

properly | validate | service | denial | allows | "loca" | users | cause | local | which | table | files | xpdf | kpdf | not | PDF |

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.


Cross-site scripting (XSS) vulnerability in iSQ

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php.


Buffer overflow in the open_table function in s

open_table | sql_basecc | function | overflow | Buffer | MySQL | 50x |

Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.


Cross-site scripting (XSS) vulnerability in tab

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.


MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 a

before | MySQL |

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.


Buffer overflow in the make_table function in t

make_table | component | function | overflow | Buffer | gzip | LHZ |

Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.


scripts/cronscript.php in SysCP 1.2.15 and earl

scripts/cronscriptphp | SysCP |

scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.


MySQL Community Server before 5.0.45 allows rem

Community | before | Server | MySQL |

MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.


Software vulnerabilities results 1 to 20 of 163     
Page: 12345...9