784 matches found
CVE-2003-0150
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT INTO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf...
CVE-2002-1553
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist...
CVE-2002-2218
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value...
CVE-2002-1080
The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl...
CVE-2002-0540
Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration...
CVE-2002-0202
PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder...
CVE-2001-1290
The CVE-2001-1290 entry describes a vulnerability in Admin.cgi of Active Classifieds Free Edition 1.0 (and possibly commercial versions) where a remote attacker can modify configuration, gain privileges, and execute arbitrary Perl code through the table_width parameter. Affected component: admin....
CVE-2001-1290
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter...
CVE-2001-0455
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration...
CVE-1999-1255
Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an editfile action parameter...
Active Web Classifieds failure to authenticate leads to arbitrary code execution
Active Classifieds Free Edition from Active Web Suite Technologies (http://www.activewebsuite.com) fails to authenticate administrators, which allows unauthorized modification of configuration files, which, in turn, allows remote arbitrary code execution. Tested on: Program: Active Classifieds Free...
CVE-2001-0484
Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as nclsubjects.shtml and nclitems.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages...
Multiple networking devices allow SNMP objects to be viewed/modified via ILMI community string
Overview: There is a vulnerability in the remote management architecture for Asynchronous Transfer Mode (ATM) networking devices that permits unauthorized access to configuration information. An attacker who gains access to an affected device can read and modify its configuration, creating a...
CVE-2000-0589
SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration...
CVE-2000-0205
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients...
CVE-2000-0205
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2000-0068
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail...