624 matches found
CVE-2008-5967
CVE-2008-5967 affects PHP iCalendar up to version 2.x. The issue is that admin/index.php does not require administrative authentication for an addupdate action, enabling remote attackers to upload a calendar (.ics) file with arbitrary content to the calendars/ directory outside the web root. This...
Apache Tomcat < 5.5.29 / 6.0.24
Binary data 800619.prm...
CVE-2008-0952
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a differe...
Hardcoded credentials
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a differe...
CVE-2008-0952
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a differe...
CVE-2008-0701
ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content...
CVE-2007-6527
uploadimg.php in the Automatic Image Upload with Thumbnails imgUpload module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a 1 JPG, 2 GIF, or 3 PNG MIME type...
Design/Logic Flaw
uploadimg.php in the Automatic Image Upload with Thumbnails imgUpload module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a 1 JPG, 2 GIF, or 3 PNG MIME type...
CVE-2007-6527
CVE-2007-6527 affects PunBB’s Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2. The issue arises because the upload handler only verifies the Content-Type of uploaded files, allowing remote attackers to upload and execute arbitrary content by crafting a file with a (1) JPG, (2) GIF...
CVE-2007-6527
uploadimg.php in the Automatic Image Upload with Thumbnails imgUpload module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a 1 JPG, 2 GIF, or 3 PNG MIME type...
CVE-2007-4277
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions Everyone:Write for the \.\Tmfilter device, which allows local users to send arbitrary content to the device via the...
iDefense Security Advisory 04.27.07: VMware Workstation Shared Folders Directory Traversal Vulnerability
VMware Workstation Shared Folders Directory Traversal Vulnerability iDefense Security Advisory 04.27.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 27, 2007 I. BACKGROUND VMware Workstation is a software virtualization system which allows multiple virtual computers to run on a sing...
Gnome Evolution 2.x - GnuPG Arbitrary Content Injection
Gnome Evolution 2.x - GnuPG Arbitrary Content Injection source: https://www.securityfocus.com/bid/22760/info Evolution is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add...
KMail 1.x - GnuPG Arbitrary Content Injection
KMail 1.x - GnuPG Arbitrary Content Injection source: https://www.securityfocus.com/bid/22759/info KMail is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add arbitrary...
KMail 1.x - GnuPG Arbitrary Content Injection
source: https://www.securityfocus.com/bid/22759/info KMail is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add arbitrary content into a GnuPG signed and/or encrypted...
GnuPG 1.x - Signed Message Arbitrary Content Injection
source: https://www.securityfocus.com/bid/22757/info GnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue in applications using GnuPG to add arbitrary content into a signed and/o...
Gnome Evolution 2.x - GnuPG Arbitrary Content Injection
source: https://www.securityfocus.com/bid/22760/info Evolution is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing. An attacker may be able to exploit this issue to add arbitrary content into a GnuPG signed and/or encrypted...
[Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Dotdeb PHP Email Header Injection Vulnerability Release Date: 2006/11/14 Last Modified: 2006/11/14 Author: Stefan Esser [email protected] Application: Dotdeb PHP 5.2.0 R...
Artmedic NewsLetter 4.1 - 'Log.php' Remote Script Execution
source: https://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to create files containing arbitrary conte...
CVE-2002-1651
CVE-2002-1651 describes a cross-site scripting (XSS) vulnerability in the Verity Search97 product. The issue arises from certain error messages in template pages that use the (1) vformat and (2) vfilter functions, enabling remote attackers to inject arbitrary web content and potentially access se...