90 matches found
CVE-2009-4589
Cross-site scripting XSS vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter...
CVE-2009-4589
MediaWiki 1.14.0 and 1.15.0 are affected by a cross-site scripting (XSS) vulnerability in the Special:Block implementation, specifically in the getContribsLink function of SpecialBlockip.php. The issue allows remote attackers to inject arbitrary web script or HTML via the ip parameter. The public...
CVE-2009-4589
Cross-site scripting XSS vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter...
Lenovo Rescue and Recovery tvtumon.sys Filename Handling Local Overflow
The version of Lenovo Rescue and Recovery monitor driver running on the remote host is affected by a heap overflow condition. A local attacker may exploit this to elevate privileges to SYSTEM level. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid34432;...
CVE-2008-4589
CVE-2008-4589 concerns a heap-based buffer overflow in the Lenovo Rescue and Recovery module tvtumin.sys (kernel driver) affecting version 4.20, including 4.20.0511 and 4.20.0512. The vulnerability allows a local attacker to execute arbitrary code by providing a long file name, enabling privilege...
CVE-2008-4589
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name...
CVE-2007-4589
CVE-2007-4589 describes multiple XSS vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2. The issue allows injection of arbitrary script/HTML by manipulating PATH_INFO to index.php and to a set of scripts (siteworx.php, users.php, ftp.php, mysql.php,...
CVE-2006-4589
DynCMS 6 and earlier are affected by a PHP remote file inclusion in 0_admin/modules/Wochenkarte/frontend/index.php, exploitable via the x_admindir URL parameter to execute arbitrary PHP code. This affects DynCMS versions
CVE-2005-4589
CVE-2005-4589 affects Spb Kiosk Engine 1.0.0.1, where the administrator passcode is stored in plaintext in the registry. The root cause is insecure storage of credentials in the registry, enabling local users to obtain the passcode. The NVD entry notes a LOW base score (CVSS2: AV:L/AC:L/Au:N/C:P/...
CVE-2018-4589
CVE-2018-4589 entry is rejected and not used by its CNA.