60 matches found
CVE-2014-4873
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data...
CVE-2014-4873
CVE-2014-4873 affects BMC Track-It! 11.3.0.355. The vulnerability is an SQL injection in TrackItWeb/Grid/GetData that allows a remote authenticated user to execute arbitrary SQL commands via crafted POST data. Multiple sources corroborate the issue and indicate hotfixes are available from the ven...
BMC Track-It! contains multiple vulnerabilities
Overview BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities Description CWE-306: Missing Authentication for Critical Function -CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke...
CVE-2013-4873
CVE-2013-4873 : The Yahoo! Tumblr app for iOS prior to 3.4.1 transmits credentials in cleartext, allowing remote attackers to obtain sensitive information by sniffing network traffic. The provided sources describe the vulnerability and its impact (partial confidentiality) and confirm remote explo...
CVE-2012-4873
GNUBoard is vulnerable to an XSS in the file_download function via the filename parameter, affecting versions before 4.34.21. The root cause is improper handling of the filename input leading to script/HTML injection. Remediation: upgrade to GNUBoard 4.34.21 or apply the provided patch. Public re...
CVE-2012-4873
Cross-site scripting XSS vulnerability in the filedownload function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...
CVE-2012-4873
creationtimestamp| type| source ---|---|--- 2012-03-20 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36973...
CVE-2011-4873
CVE-2011-4873 affects Certec EDV GmbH atvise prior to version 2.1. A remote attacker can cause a denial of service (daemon crash) by sending specially crafted packets to TCP port 4840. Public exploits are noted. ICS-CERT reports that Certec released an updated atvise (≥2.1) to mitigate the issue....
CVE-2010-4873
The CVE-2010-4873 entry concerns WeBid 0.8.5 P1 with a reflected cross-site scripting (XSS) vulnerability in confirm.php, exploitable by supplying a crafted id parameter. The root cause is insufficient input sanitization of user-supplied id, enabling remote attackers to inject arbitrary script/HT...
CVE-2009-4873
CVE-2009-4873 describes a stack-based buffer overflow in the HTTP server of Rhino Software Serv-U Web Client 9.0.0.5, exploitable via a long Session cookie to cause a denial of service or arbitrary code execution. Multiple connected sources confirm the vulnerability, with OpenVAS and Nessus notin...
CVE-2009-4873
creationtimestamp| type| source ---|---|--- 2009-11-02 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/9966 2009-11-05 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/9800...
CVE-2008-4873
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a downfile action...
CVE-2008-4873
CVE-2008-4873 affects Sepal SPBOARD 4.5: board.cgi’s down_file action accepts a file parameter, and remote attackers can inject shell metacharacters to execute arbitrary commands. The vulnerability enables full compromise of confidentiality, integrity, and availability (as reflected in CVSS: Netw...
CVE-2008-4873
creationtimestamp| type| source ---|---|--- 2008-10-29 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6864 2024-10-11 09:08:41+00:00| seen| https://t.me/CyberSecurityTechnologies/107...
CVE-2005-4873
The CVE-2005-4873 entry concerns the phpcups PHP module for CUPS, with multiple stack-based buffer overflows in cups_get_dest_options (phpcups.c) that may allow context-dependent attackers to execute arbitrary code via long function parameters. Affected product/component: phpcups module integrate...
CVE-2007-4873
SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, enabling remote retrieval of arbitrary .inc files via direct requests (example: admin/includes/dbtables.inc). Root cause: information disclosure in PHP-based system; impact: partial confidentiality ...
simpnews24103-fdisclose.txt
netVigilance Security Advisory 69 SimpNews version 2.41.03 File Content Disclosure Vulnerability Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header,...
CVE-2006-4873
CVE-2006-4873 affects Jupiter CMS 1.1.5. A remote attacker can disclose installation paths by requesting specific PHP module files (examples include includes/functions.php, modules/register.php, modules/poll.php, modules/panel.php, modules/pm.php, modules/news.php, modules/templates_change.php, m...
CVE-2005-4873
Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cupsgetdestoptions function in phpcups.c...
CVE-2005-4873
Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cupsgetdestoptions function in phpcups.c...