OCS Inventory NG Server 1.3.1 - 'LOGIN' Remote Authentication Bypass
OCS Inventory NG = 1.3.1 login Remote Authentication Bypass function $id return document.getElementByIdid; function $$id return $id.options$id.options.selectedIndex.value; function bypass $'log'.action = $'ocsreports'.value + $$'meth' + '?lang=' + $$'lang'; if $$'type' == 0 $'login'.value = "'...
DEBIAN-CVE-2010-0402
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command...
CVE-2010-0401
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet...
Command injection
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command...
CVE-2010-1617
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page...
Code injection
Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors...
CVE-2009-4815
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors...
CVE-2009-4810
The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input...
CVE-2010-1034
Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors...
CVE-2010-1035
Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VMM) before 6.0 allow remote authenticated users to execute arbitrary code via unknown vectors...
CVE-2009-4800
Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command...
CVE-2009-4800
The CVE-2009-4800 entry describes a directory traversal vulnerability in Sysax Multi Server versions 4.3 and 4.5. It allows remote authenticated users to delete arbitrary files via a “..//” sequence in a DELE command, indicating a flaw in path handling during FTP-like file operations. The availa...
CVE-2009-4790
CVE-2009-4790 concerns Sysax Multi Server 4.5, where multiple directory traversal vulnerabilities allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. The description notes that provenance is unknown and details come from third‑party information. All connec...
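Pulse CMS view.php Cross-Site Request Forgery Vulnerability
BUGTRAQ ID: 38356 CVE ID: CVE-2010-0992 Pulse is a web application development framework and portal-building solution. Pulse CMS allows users to perform certain actions via HTTP requests without performing sufficient validity checks; if a logged-in user visits a malicious website, a remote attacker can hijack the user's authentication and issue requests on that user's behalf, such as uploading images, deleting files, or creating blocks. Pulse CMS Pulse CMS Basic 1.2.3 Pulse CMS Pulse CMS Basic 1.2.2 Vendor patch: Pulse CMS --------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...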
Code injection
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote authenticated users to affect integrity via unknown vectors...
Code injection
Unspecified vulnerability in the E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors...
CVE-2010-0860
CVE-2010-0860 affects Oracle Database Core RDBMS components in 9.2.0.8 (and DV variants), 10.1.0.5, 10.2.0.4, and 11.1.0.7. The vulnerability allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege. The issu...
CVE-2010-0857
Technical details about CVE-2010-0857 are not publicly provided in the supplied documents. The connected sources mention Oracle CPU advisories and general vulnerability groupings but do not specify affected components, vectors, or fixes. Monitor for updates.
CVE-2010-1334
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different...
CVE-2010-0993
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified...