774 matches found
CVE-2005-3721
CVE-2005-3721 concerns the Hitachi IP5000 VOIP WIFI Phone (firmware 1.5.6) where the HTTP server’s default configuration does not require authentication for sensitive configuration pages. This allows remote attackers to modify device configuration without credentials. The available references con...
CVE-2005-3723
The Hitachi IP5000 VOIP/WiFi Phone (v1.5.6) is affected by CVE-2005-3723 due to a failure to disable access to SNMP and TCP port 3390. This allows remote attackers to misuse CVE-2005-3722 to modify system configuration via SNMP credentials or to access the Unidata Shell to obtain sensitive inform...
CVE-2005-2916
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi...
CVE-2005-2916
CVE-2005-2916 affects the Linksys WRT54G series (notably 3.01.03, 3.03.6, 4.00.7; possibly earlier than 4.20.7). The issue arises because the device does not verify user authentication until after an HTTP POST is processed, enabling remote attackers to either (1) modify configuration via restore....
iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability
Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability iDEFENSE Security Advisory 09.13.05 www.idefense.com/application/poi/display?id=306&type=vulnerabilities September 13, 2005 I. BACKGROUND The Linksys WRT54G is a combination wireless access point, switch and router...
FreeBSD : junkbuster -- heap corruption vulnerability and configuration modification vulnerability (97edf5ab-b319-11d9-837d-000e0c2e438a)
A Debian advisory reports : James Ranson discovered that an attacker can modify the referrer setting with a carefully crafted URL by accidentally overwriting a global variable. Tavis Ormandy from the Gentoo Security Team discovered several heap corruptions due to inconsistent use of an internal...
CVE-2002-1981
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings...
CVE-2002-1968
The CVE-2002-1968 entry describes a vulnerability in Com21 DOXport 1100 series cable modems (firmware 2.1.1.106 and possibly earlier than 2.1.1.108.003). The issue: a device may download a DOCSIS configuration file from a malicious TFTP server on the internal network, enabling local users to modi...
CVE-2005-0232
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."...
CVE-2003-1121
Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services...
CVE-2004-0913
Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514-1.3 and 1.x before 1.0.0+cvs.20030911-8 allows attackers in the same domain to gain administrator privileges and modify configuration...
Mozilla Firefox < 1.7.6 Multiple Vulnerabilities
Binary data 2671.prm...
CVE-2004-1714
CVE-2004-1714 affects BlackICE PC Protection and Server Protection. The issue arises from installation of firewall.ini, blackice.ini, sigs.ini, and protect.ini with Everyone Full Control permissions, enabling a local attacker to crash the service or modify configuration by editing firewall.ini (e...
CVE-2004-1714
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a...
Mozilla Firefox < 1.0.1 Multiple Vulnerabilities
Binary data 2652.prm...
CVE-2004-1557
MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html...
CVE-2004-2126
The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the...