Searching tac plus software vulnerabilities

PowerChute plus 5.0.2 creates a "Pwrchute" dire

PowerChute | plus |

PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory.


The DeviceIoControl function in the TrueVector

DeviceIoControl | TrueVector | function | Driver | Device |

The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").


The Smc.exe process in My Firewall Plus 5.0 bui

Firewall | process | Smcexe | build | Plus |

The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges.


ISQL*Plus in Oracle 10g Application Server allo

Application | ISQL*Plus | arbitrary | attackers | parameter | absolute | pathname | loaduix | execute | Server | Oracle | script | allows | remote | files | file | via | 10g |

ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.


Buffer overflow in the PopUp Plus 2.0.3.8 plugi

overflow | Buffer | PopUp | Plus |

Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code.


SQL injection vulnerability in out.php in CJ Ul

vulnerability | injection | outphp | Ultra | SQL |

SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter.


Heap-based buffer overflow in the Admin Plus Pa

Heap-based | overflow | through | VERITAS | buffer | Backup | Option | Admin | Exec | Plus | Pack |

Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.


Directory traversal vulnerability in the web in

vulnerability | interface | Directory | traversal | web |

Directory traversal vulnerability in the web interface (ISALogin.dll) for TAC Vista 4.0, and possibly other versions before 4.3, allows remote attackers to read arbitrary files via ".." sequences in the Template parameter.


iSQL*Plus (isqlplus) for Oracle9i Database Serv

iSQL*Plus |

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.


3Com Baseline Switch 2848-SFP Plus Model #3C164

2848-SFP | firmware | #3C16486 | Baseline | before | Switch | Model | 3Com | Plus |

3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.


My Firewall Plus 5.0 Build 1119 does not verify

Firewall | Build | Plus |

My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.


PassGo SSO Plus 2.1.0.32, and probably earlier

PassGo | Plus | SSO |

PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs.


SQL injection vulnerability in admin/admin_acro

admin/admin_acronymsphp | vulnerability | injection | Acronym | Mod | SQL |

SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.


Format string vulnerability in the log creation

vulnerability | functionality | Professional | BitDefender | creation | Client | Format | string | Plus | log |

Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.


PHP remote file inclusion vulnerability in prev

vulnerability | previewphp | inclusion | remote | Magic | News | file | Plus | PHP |

PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.


Cross-site scripting (XSS) vulnerability in Mag

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.


Cross-site scripting (XSS) vulnerability in RM

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.


Multiple unspecified vulnerabilities in EQDKP P

vulnerabilities | unspecified | Multiple | before | EQDKP | Plus |

Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors.


SQL injection vulnerability in store_info.php i

vulnerability | store_infophp | Classifieds | arbitrary | attackers | injection | parameter | commands | execute | SoftBiz | allows | remote | PLUS | SQL | via |

SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.


Software vulnerabilities results 1 to 20 of 58     
Page: 123