them software vulnerabilities
vulnerabilities.aspcode.net
Searching them software vulnerabilities
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing.
The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them.
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages.
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server.
Remote PC Access Server 2.2 allows remote attackers to cause a denial of service (crash) by receiving packets from the server and sending them back to the server.
Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command.
comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code.
Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow them to be shared when they are not protected by PRIVATEDATADIR in nodezilla.ini, which allows remote attackers to obtain sensitive information.
Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.
Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter.
help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message.
Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.
The FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.
Software vulnerabilities results 1 to 20 of 52