team software vulnerabilities
vulnerabilities.aspcode.net
Searching team software vulnerabilities
Multiple buffer overflows in Samba before 2.2.8
vulnerability
|
CVE-2003-0201
|
discovered
|
attackers
|
arbitrary
|
overflows
|
different
|
Multiple
|
execute
|
service
|
denial
|
buffer
|
before
|
remote
|
Samba
|
allow
|
cause
|
than
|
code
|
228a
|
team
|
may
|
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
** DISPUTED ** PHP treats unknown methods such
restrictions
|
demonstrated
|
attackers
|
directive
|
DISPUTED
|
intended
|
running
|
unknown
|
request
|
methods
|
Apache
|
treats
|
server
|
passes
|
access
|
"PoSt"
|
httpd
|
allow
|
Limit
|
using
|
which
|
could
|
such
|
all
|
GET
|
PHP
|
** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
Unknown vulnerability in the SmartHTML interpre
vulnerability
|
interpreter
|
SmartHTML
|
Unknown
|
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Cross-site scripting vulnerability (XSS) in Nuk
vulnerability
|
Cross-site
|
scripting
|
Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.
Format string vulnerability in the game console
vulnerability
|
console
|
Format
|
string
|
Hired
|
game
|
Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a message.
Hired Team: Trial 2.0 and earlier and 2.200 all
Hired
|
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200.
Hired Team: Trial 2.0 and earlier and 2.200 all
Hired
|
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command.
Hired Team: Trial 2.0 and earlier and 2.200 doe
Hired
|
Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.
Windows SharePoint Services and SharePoint Team
SharePoint
|
Services
|
Windows
|
Server
|
Team
|
Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache.
Multiple SQL injection vulnerabilities in paFil
vulnerabilities
|
arbitrary
|
injection
|
attackers
|
parameter
|
commands
|
formname
|
Multiple
|
paFileDB
|
execute
|
earlier
|
remote
|
allow
|
SQL
|
via
|
Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.
Cross-site scripting (XSS) vulnerability in _vt
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
Multiple SQL injection vulnerabilities in Milke
vulnerabilities
|
injection
|
Milkeyway
|
Multiple
|
Captive
|
Portal
|
SQL
|
Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php.
SQL injection vulnerability in chat/messagesL.p
chat/messagesLphp3
|
vulnerability
|
phpHeaven
|
PHPMyChat
|
injection
|
Team
|
SQL
|
SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
phpBlueDragon
|
inclusion
|
Multiple
|
remote
|
file
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076.
** DISPUTED ** Cross-site scripting (XSS) vuln
Cross-site
|
scripting
|
DISPUTED
|
** DISPUTED ** Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website."
Software vulnerabilities results 1 to 16 of 16
Page:
1