uid software vulnerabilities
vulnerabilities.aspcode.net
NFS allows attackers to read and write any file on the system by specifying a false UID.
A Unix account with a name other than "root" has UID 0, i.e. root privileges.
Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.
glFtpD includes a default glftpd user account with a default password and a UID of 0.
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.
Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.
activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid.
Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.
MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1."
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter.
SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php.
SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page.
Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameter.
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.
The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid."
Software vulnerabilities results 1 to 20 of 68