3632 matches found
CVE-2005-1708
The CVE affects Blue Coat Reporter before 7.1.2, where templates.admin.users.user_form_processing allows an authenticated user to elevate to administrator by sending an HTTP POST that sets volatile.user.administrator to true. Root cause is improper handling of admin-flag assignment via user form ...
CVE-2005-1708
templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true...
CVE-2004-2086
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter...
CVE-2003-1198
connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field...
CVE-2003-1198
CVE-2003-1198 affects Cherokee Web Server prior to 0.4.6, where a remote attacker can cause a denial of service by sending an HTTP POST request without a Content-Length header. OpenVAS/Nessus entries corroborate a remote DoS vulnerability in Cherokee’s POST handling. The mitigation is to upgrade ...
CVE-2005-0334
Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value...
CVE-2005-0645
Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to shownews.php...
CVE-2005-0886
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request...
CVE-2005-1284
The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request...
CVE-2005-1128
Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries...
CVE-2005-1128
VHCS 2.4 and earlier are affected by multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via inputs from HTTP POST queries. Affected software: VHCS (Virtual Hosting Control System), versions up to and including 2.4. Root cause: SQL injection in HTT...
CVE-2005-0915
Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php...
CVE-2005-0915
Webmasters-Debutants WD Guestbook 2.8 is affected by an authentication bypass vulnerability. A remote attacker can bypass authentication and perform administrator actions via a direct HTTP POST to (1) ajout_admin2.php or (2) suppr.php. The NVD entry lists a CVSSv2 base score of 7.5 (HIGH) with ne...
Invision Power Board 1.x/2.0 - HTML Injection
Invision Power Board 1.x/2.0 - HTML Injection source: https://www.securityfocus.com/bid/12888/info Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data. It is reported that due to a lack of filtering of...
Invision Power Board 1.x/2.0 - HTML Injection
source: https://www.securityfocus.com/bid/12888/info Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data. It is reported that due to a lack of filtering of HTML tags, an attacker can inject an IFRAME...
NotifyLink server provides inadequate protection for cryptographic key material
Overview The NotifyLink key exchange protocol contains a vulnerability that significantly reduces the strength of cryptographic keys used to encrypt mail messages. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...
CVE-2005-0674
The CVE-2005-0674 entry concerns the paBox 1.6 News module, where a cross-site scripting (XSS) flaw exists in the News module’s handling of the hidden text parameter in an HTTP POST. The connected documents corroborate an XSS issue affecting paBox/Nuke-based deployments (e.g., Nessus plugin refer...