59 matches found
CVE-2011-4606
Artsoft Entertainment Rocks'n'Diamonds aka rocksndiamonds 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory...
CVE-2011-4606
CVE-2011-4606 affects rocksndiamonds 3.3.0.1, enabling local users to overwrite files via a symlink attack on ~/.rocksndiamonds/cache/artworkinfo.cache in a user’s home. The issue is mitigated by updated packages, e.g., rocksndiamonds 3.3.1.2-2.5 (openSUSE), with Fedora updates 2012-1567/1553 add...
CVE-2010-4606
The CVE concerns the Space Management client in the Hierarchical Storage Management (HSM) component of IBM Tivoli Storage Manager (TSM). Affected versions are 5.4.x (until 5.4.3.4), 5.5.x (until 5.5.3), 6.1.x (until 6.1.4), and 6.2.x (until 6.2.2) on Unix/Linux. The issue allows remote attackers ...
WebDrive缺少安全描述符本地权限提升漏洞
BUGTRAQ ID: 37955 CVE ID: CVE-2009-4606 WebDrive是Windows化的文件传输软件,可将FTP服务器设置为硬盘盘符。 WebDrive所安装的WebDrive服务没有设置安全描述符,本地用户可以通过stop命令终止服务、使用config命令修改binPath变量并执行任意命令,或通过start命令重启服务。 South River Technologies WebDrive 9.02 厂商补丁: South River Technologies ------------------------...
South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation
South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation. This module exploits a privilege escalation vulnerability in South River Technologies WebDrive. Due to an empty security descriptor, a local attacker can gain elevated privileges. Tested on South River...
CVE-2009-4606
South River Technologies WebDrive 9.02 build 2232 is vulnerable to a local privilege escalation due to the WebDrive Service being installed without a security descriptor. An attacker with local access can stop the service, modify the binPath via config to execute arbitrary commands as SYSTEM, or ...
CVE-2006-4606
creationtimestamp| type| source ---|---|--- 2009-04-14 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/8425...
CVE-2008-4606
CVE-2008-4606 documents multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier, allowing remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. The vulnerability is network-exposed with low attac...
CVE-2007-4606
PHP remote file inclusion vulnerability in convert/mvcwconver.php in the Virtual War VWar module for PHPNuke-Clan PNC 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwarroot parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this...
CVE-2007-4606
CVE-2007-4606 describes a PHP remote file inclusion in the Virtual War (VWar) module of PHPNuke-Clan (PNC) 4.2.0 and earlier. The vulnerability arises in convert/mvcw_conver.php where an attacker can cause arbitrary PHP code execution by supplying a crafted URL in the vwar_root parameter. The iss...
CVE-2007-1627
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4606. Reason: This candidate is a duplicate of CVE-2006-4606. Notes: All CVE users should reference CVE-2006-4606 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4606. Reason: This candidate is a duplicate of CVE-2006-4606. Notes: All CVE users should reference CVE-2006-4606 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2006-4606
CVE-2006-4606 affects Longino Jacome’s php-Revista 1.1.2. The vulnerability involves multiple SQL injection flaws in five parameters across different PHP scripts: (1) id_temas in busqueda_tema.php, (2) cadena in busqueda.php, (3) id_autor in autor.php, (4) email in lista.php, and (5) id_articulo ...
CVE-2005-4606
CVE-2005-4606 describes an SQL injection in Web Wiz apps (Site News 3.06 and earlier; Journal 1.0 and earlier; Polls 3.06 and earlier; Database Login 1.71 and earlier) via txtUserName in admin/check_user.asp. Attacker can execute arbitrary SQL commands remotely. Exploitation details, affected ver...
CVE-2005-4606
SQL injection vulnerability in checkuser.asp in multiple Web Wiz products including 1 Site News 3.06 and earlier, 2 Journal 1.0 and earlier, 3 Polls 3.06 and earlier, and 4 and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter...
CVE-2018-4606
...
CVE-2018-4606
CVE-2018-4606 entry is rejected/not used per initial description.
MS:C782C657-E6EF-4606-A0AB-5B014CA32C14
...
MS:A3E08801-1A77-4606-9687-ACF2296A6CD3
...