Active Web Classifieds failure to authenticate leads to arbitrary code execution

Active Classifieds Free Edition from Active Web Suite Technologies http://www.activewebsuite.com fails to authenticate administrators, which allows unauthorized modification of configuration files, which in turn, allows remote arbitrary code execution. Tested on: Program: Active Classifieds Free...

CVE-2001-1290

admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the tablewidth parameter...

CVE-2001-0455

Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration...

CVE-2001-0484

Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as nclsubjects.shtml and nclitems.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages...

Multiple networking devices allow SNMP objects to be viewed/modified via ILMI community string

Overview There is a vulnerability in the remote management architecture for Asynchronous Transfer Mode ATM networking devices that permits unauthorized access to configuration information. An attacker who gains access to an affected device can read and modify its configuration, creating a...

CVE-2000-0589

SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration...

CVE-2000-0205

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2000-0205

Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients...

CVE-2000-0205

Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients...

CVE-2000-0068

daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail...

PT-1999-1782 · Lynx · Lynx

Name of the Vulnerable Software and Affected Versions: Lynx versions 2.x Description: The issue arises from Lynx not properly distinguishing between internal and external HTML. This may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL...

CVE-1999-1255

Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an editfile action parameter...

CVE-1999-0792

ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration...

CVE-1999-1420

NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration...