2780 matches found
CVE-2007-1046
Demtrac allows remote attackers to read log file contents via a direct request for /ancsit.txt...
Design/Logic Flaw
The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information memory contents by doing 1 text searches or 2 paste operations after pressing certain keyboard shortcut keys...
CVE-2007-0854
Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager WHM allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used...
CVE-2007-0822
umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensiti...
CVE-2007-0822
umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensiti...
Information disclosure
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information database contents via a % percent character in the dbfieldv parameter...
CVE-2007-0638
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information database contents via a % percent character in the dbfieldv parameter...
EUVD-2007-0636
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information database contents via a % percent character in the dbfieldv parameter...
Microsoft Help Workshop .CNT file buffer overflow
Added: 01/31/2007 CVE: CVE-2007-0352 BID: 22100 OSVDB: 31898 Background Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product. Problem A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user...
CVE-2006-6961
WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name...
CVE-2006-6961
WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name...
CVE-2006-6961
WebRoot Spy Sweeper 4.5.9 and earlier fails to detect malware based on file contents, allowing remote attackers to bypass malware detection by renaming a file. Connected documents specify that detection is blocked only by filename and that multiple archive formats are not supported. Affected prod...
CVE-2007-0059
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...
Cross site scripting
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...
CVE-2007-0059
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...
CVE-2007-0059
CVE-2007-0059 is a cross-zone scripting vulnerability in Apple QuickTime 3–7.1.3 . A QuickTime movie (.MOV) with an HREF Track that contains an automatic action tag with a local URI can execute in the local zone during preview, enabling remote user‑assisted execution and the ability to list files...
JVN#31185550 tDiary arbitrary Ruby script execution vulnerability
Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the web server with tDiary's execution privilege. This could lead to information leak or erasure, password compromise, and contents alteration, etc. Solution Products Affected tDiary 2.0.3 tDiary...
CVE-2006-6013
Integer signedness error in the fwioctl FWIOCTL function in the FireWire IEEE-1394 drivers dev/firewire/fwdev.c in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows...
CVE-2006-6013
Integer signedness error in the fwioctl FWIOCTL function in the FireWire IEEE-1394 drivers dev/firewire/fwdev.c in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows...
Verity Ultraseek Request Proxying Vulnerability
This vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability. The specific flaw exists within the highlight script used to highlight search terms on spider...