Searching tracker software vulnerabilities

IBM/Tivoli OPC Tracker Agent version 2 release

directories | permissions | IBM/Tivoli | insecure | creates | message | version | Tracker | release | queues | Agent | files | OPC | IPC |

IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.


IBM/Tivoli OPC Tracker Agent version 2 release

IBM/Tivoli | attackers | release | service | version | Tracker | denial | remote | allows | cause | Agent | OPC |

IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.


Buffer overflow in Check Point SmartDashboard i

SmartDashboard | authenticated | overflow | service | allows | remote | Buffer | denial | users | cause | Check | Point | R54 | R55 |

Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker.


The Util_DecodeHTTPAuth function in BNBT BitTor

Util_DecodeHTTPAuth | BitTorrent | attackers | function | earlier | service | Release | Tracker | denial | remote | allows | cause | BNBT | Beta |

The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value.


Cross-site scripting (XSS) vulnerability in dow

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter.


Cross-site scripting (XSS) vulnerability in rkr

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.


Cross-site scripting (XSS) vulnerability in vbu

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter.


RT: Request Tracker 3.5.HEAD allows remote atta


RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message.


SQL injection vulnerability in login.php in You

YourFreeWorldcom | vulnerability | parameter | arbitrary | injection | attackers | loginphp | commands | execute | Tracker | remote | Script | allows | Short | SQL | via | Url |

SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs.


Heap-based buffer overflow in the it_read_envel

it_read_envelope | Bibliotheque | Heap-based | Universal | function | overflow | Dynamic | buffer | Music |

Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of Sunday, July 16, 2006, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.


Buffer overflow in the Loader_XM::load_instrume

overflow | Buffer |

Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data.


Integer overflow in the loadChunk function in l

loaders/load_gt2c | libmikmod | loadChunk | overflow | function | Integer | System | Mikmod | Sound |

Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in an XCOM chunk.


PHP remote file inclusion vulnerability in incl

includes/functions_user_viewed_postsphp | phpbb_root_path | vulnerability | parameter | attackers | inclusion | arbitrary | Tracker | earlier | Nivisec | execute | allows | Viewed | remote | module | phpBB | Posts | code | User | file | PHP | via | URL |

PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.


SQL injection vulnerability in Extended Tracker

vulnerability | injection | Extended | Tracker | SQL |

SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs."


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the Monday, August 07, 2006 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.


Yourfreeworld.com Short Url & Url Tracker Scrip

Yourfreeworldcom | information | attackers | sensitive | parameter | loginphp | Tracker | invalid | message | Script | remote | allows | obtain | leaks | error | which | Short | path | via | Url |

Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509.


Directory traversal vulnerability in include/pr

include/prune_torrentsphp | vulnerability | BTI-Tracker | Directory | traversal |

Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.


The Impulse Tracker (IT) and ScreamTracker 3 (S

Tracker | Impulse |

The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.


Software vulnerabilities results 1 to 20 of 27     
Page: 12