Searching values software vulnerabilities

Digital Creations Zope 2.3.1 b1 and earlier con

Creations | Digital | Zope |

Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.


Check Point FireWall-1 SecuRemote/SecuClient 4.

SecuRemote/SecuClient | "authentication | configuration | FireWall-1 | modifying | to_expire | client's | timeout" | clients | values | usersC | expire | bypass | allows | Check | Point | file |

Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.


ASPjar Guestbook 1.00 allows remote attackers t

Guestbook | ASPjar |

ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true".


Macromedia JRun 3.0, 3.1, and 4.0 allow remote

Macromedia | attackers | character | encoded | Unicode | source | remote | values | files | allow | view | JRun | code | URL | via | JSP |

Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.


Integer overflow in OpenSSL 0.9.6 and 0.9.7 all

overflow | OpenSSL | Integer |

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.


Polar HelpDesk 3.0 allows remote attackers to b

authentication | attackers | UserType | HelpDesk | setting | cookie | values | UserId | allows | remote | bypass | Polar |

Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.


Bottomline Webseries Payment Application allows

Application | ReportPath | Bottomline | ReportName | attackers | arbitrary | Webseries | template | modified | network | Payment | report | allows | remote | values | files | read | via |

Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values.


The StgCompObjStream::Load function in OpenOffi


The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.


SQL injection vulnerability in u2u.inc.php in X

vulnerability | u2uincphp | injection | Forum | XMB | SQL |

SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable.


The register_globals emulation layer in grab_gl

register_globals | grab_globalsphp | configuration | phpMyAdmin | modifying | attackers | emulation | arbitrary | uploaded | requests | library | scripts | certain | 264-pl3 | perform | include | direct | remote | allows | safety | before | checks | _FILES | values | theme | layer | array | files | using | which | does | then | use | not |

The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.


Directory traversal vulnerability in GNU Gnump3

vulnerability | Directory | traversal | Gnump3d | before | GNU |

Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".


packets.c in Freeciv 2.0 before 2.0.8 allows re

packetsc | Freeciv | before |

packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.


Integer underflow in Freetype before 2.2 allows

underflow | attackers | Freetype | Integer | service | denial | allows | before | remote | cause |

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.


The TIFFToRGB function in libtiff before 3.8.1

TIFFToRGB | function | libtiff | before |

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.


index.php in Vincent Leclercq News 5.2 allows r

installation | information | attackers | sensitive | parameter | Leclercq | indexphp | invalid | Vincent | mail[] | values | obtain | remote | allows | News | such | path | via |

index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values.


index.php in Wheatblog (wB) allows remote attac

Wheatblog | indexphp |

index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message.


default.asp in ASP-Nuke Community 1.5 and earli

privileges | defaultasp | attackers | Community | ASP-Nuke | earlier | setting | certain | pseudo | cookie | values | allows | remote | gain |

default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.


calendar.php in Calendarix 0.7.20070307 allows

calendarphp | Calendarix |

calendar.php in Calendarix 0.7.Wednesday, March 07, 2007 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message.


eyeOS uses predictable checksum values in the c

unauthorized | doCreateUser | predictable | activities | parameter | attackers | register | accounts | guessing | messages | eyeBoard | checknum | checksum | control | actions | conduct | certain | service | values | denial | addMsg | remote | access | allows | valid | eyeOS | which | cause | uses | many | add | via |

eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values.


The HPRevolutionRegistryManager ActiveX control

HpRevolutionRegistryManagerdll | HPRevolutionRegistryManager | WriteRegistry | Messenger | arguments | attackers | registry | ActiveX | control | Telecom | method | values | remote | allows | create | Alice | Italy | keys | via |

The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.


Software vulnerabilities results 1 to 20 of 253     
Page: 12345...13