vector software vulnerabilities
vulnerabilities.aspcode.net
Searching vector software vulnerabilities
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages.
ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding."
Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416.
Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358.
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username.
SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.
SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181.
Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error.
SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846.
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.
SQL injection vulnerability in show.php in vbzoom 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729.
SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763.
Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287.
Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and a remote attack vector, related to "Cookie Manipulation."
SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115.
SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976.
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector.
Software vulnerabilities results 1 to 20 of 294