112 matches found
CVE-2011-4166
CVE-2011-4166 corresponds to a directory traversal vulnerability in HP Managed Printing Administration (MPA) in the MPAUploader.Uploader.1.UploadFiles() function. Affected software is HP MPA before version 2.6.4. The vulnerability permits remote attackers to create arbitrary files by submitting c...
HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities
Binary data 6113.prm...
ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-11-352 December 22, 2011 - -- CVE ID: CVE-2011-4166 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors:...
CVE-2010-4166
CVE-2010-4166 documents multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22. The affected software is Joomla! (1.5.x series); the vulnerabilities occur in the web application logic where attacker-controlled input can influence SQL queries. Specifically, arbitrary SQL commands ca...
CVE-2009-4166
SQL injection vulnerability in the Trips mchtrips extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2009-4166
CVE-2009-4166 : The TYPO3 extension mchtrips (Trips) version 2.0.0 is affected. A SQL injection flaw allows remote attackers to execute arbitrary SQL commands via unspecified vectors. The vulnerability stems from improper handling of input in the extension, enabling unauthorized database access. ...
CVE-2008-4166
The CVE-2008-4166 entry describes an integer overflow in the JavaScript engine of Avant Browser, affecting version 11.7 Build 9 and earlier. The vulnerability allows a remote attacker to cause a denial of service (application crash) by URL-encoding a string containing many invalid characters. No ...
CVE-2008-4166
creationtimestamp| type| source ---|---|--- 2008-09-12 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/32381...
CVE-2007-4166
Cross-site scripting XSS vulnerability in index.php in the Unnamed theme 1.217, and Special Edition SE 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-416...
CVE-2007-4166
CVE-2007-4166 is described in the PRION entry as an XSS vulnerability in WordPress-related themes: index.php in the Unnamed theme 1.217 and Special Edition (SE) 1.02 (before 20070804) allows remote attackers to inject arbitrary web script via the s parameter. The root cause is unsanitized input i...
CVE-2006-4166
CVE-2006-4166 : PHP remote file inclusion in TinyWebGallery (≤1.5) allows remote attackers to execute arbitrary PHP code via a URL provided in the image parameter to (1) image.php or (2) image.php2. Root cause is unsafe handling of the image parameter enabling inclusion of remote/local code; CVSS...
CVE-2005-4166
The CVE-2005-4166 entry documents a Cross-site Scripting (XSS) vulnerability in DUWare DUportal Pro 3.4.3, exploitable via the result parameter in password.asp. The affected component is password.asp within DUportal Pro 3.4.3; the root cause is input handling allowing script/HTML injection. The p...