view software vulnerabilities

Searching view software vulnerabilities

search.cgi in the SolutionScripts Home Free pac

search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.

Etype Eserv 2.97 allows remote attackers to vie

Eserv | Etype |

Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL.

Pi3Web 2.0.0 allows remote attackers to view re

Pi3Web |

Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.

browse.asp in Hosting Controller allows remote

browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.

Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.

WebCalendar allows remote attackers to gain pri

WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php.

Directory traversal vulnerability in WebAPP 0.9

vulnerability | traversal | Directory | WebAPP |

Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.

Scalable OGo (SOGo) 1.0 allows remote authentic

Scalable | OGo |

Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users.

Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php.

Multiple SQL injection vulnerabilities in WowBB

Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.

SQL injection vulnerability in PerlDesk 1.x all

SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter.

CubeCart 2.0.6 allows remote attackers to obtai

CubeCart |

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.

booby.php in Booby 1.0.0 and earlier allows rem

boobyphp | Booby |

booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs.

Web Wiz Forums 7.9 and 8.0 allows remote attack

Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.

Directory traversal vulnerability in the rulese

Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files.

Oracle Database 9.2.0.0 to 10.2.0.3 allows loca

Database | Oracle |

Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.

Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php.

Multiple SQL injection vulnerabilities in Cyboz

Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.

Multiple PHP remote file inclusion vulnerabilit

Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php.

SQL injection vulnerability in includes/view_pa

SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php.

Software vulnerabilities results 1 to 20 of 273

Page: 12 3 4 5...14 ►

view software vulnerabilities

vulnerabilities.aspcode.net

Searching view software vulnerabilities