Searching via software vulnerabilities


root privileges via buffer overflow in xlock command on SGI IRIX systems.


Command execution in Sun systems via buffer overflow in the at program.


HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.


Buffer overflow in ALMail32 POP3 client via From: or To: headers.


Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable.


Buffer overflow in SCO UnixWare Xsco command via a long argument.


Denial of service in MDaemon WorldClient and WebConfig services via a long URL.


Denial of service in MDaemon 2.7 via a large number of connection attempts.


Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack.


EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.


EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.


Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name.


Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.


Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters.


zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images.


i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter.


man2web allows remote attackers to execute arbitrary commands via -P arguments.


PHP Easy Download allows remote attackers to bypass authentication via edit.php.


Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.


DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.


Software vulnerabilities results 1 to 20 of 17842     