4421 matches found
Design/Logic Flaw
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password...
CVE-2010-0535
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors...
CVE-2010-0522
CVE-2010-0522 affects Apple Mac OS X Server 10.5.8, where Server Admin fails to correctly determine privileges for users previously in the admin group. The underlying issue allows remote authenticated users to leverage former membership to establish a server connection via screen sharing. The ava...
CVE-2010-0989
Pulse CMS contains a directory traversal vulnerability in delete.php (f parameter) affecting versions prior to 1.2.3. Exploitation allows remote authenticated users to delete arbitrary files on the server via directory traversal sequences. Severity is evidenced as moderately critical in Secunia’s...
CVE-2010-0571
Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x allows remote authenticated users to gain privileges via unknown vectors, and consequently execute arbitrary code via a crafted web application, aka Bug ID CSCtc46008...
CVE-2009-4675
CVE-2009-4675 describes a flaw in the Mole Group Gastro Portal (Restaurant Directory) where admin/admin_info/index.php does not require administrative authentication, enabling remote attackers to change the admin password through an unspecified form submission. The NVD CVSS v2 base score is 7.5 (...
Sagem Routers Remote Authentication Bypass
#!/usr/bin/perl; Exploit Title: Sagem routers Remote auth bypass Exploit; Date: 04/03/2010; Author: AlpHaNiX; Software Link: null; Version: Sagem Routers F@ST 1200/1240/1400/1400W/1500/1500-WG/2404; Tested on: Sagem F@ST 2404; Code: use HTTP::Request; use HTTP::Headers; use LWP::UserAgent; system'cls';...
Sagem Routers - Remote Authentication Bypass
#!/usr/bin/perl; Exploit Title: Sagem routers Remote auth bypass Exploit; Date: 04/03/2010; Author: AlpHaNiX; Software Link: null; Version: Sagem Routers F@ST 1200/1240/1400/1400W/1500/1500-WG/2404; Tested on: Sagem F@ST 2404; Code: use HTTP::Request; use...
Sagem Routers Remote Auth bypass Exploit
Exploit for unknown platform in category web applications. #!/usr/bin/perl; Exploit Title: Sagem routers Remote auth bypass Exploit; Date: 04/03/2010; Author: AlpHaNiX; Software...
CVE-2009-4658
CVE-2009-4658 affects Xerver HTTP Server 4.32. The issue is a denial-of-service (daemon crash) caused by a non-numeric web port assignment in the management interface. The description notes that this can be leveraged by non-authenticated attackers using CVE-2009-4657. Connected references also de...
CVE-2010-0147
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0146
Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors...
Code injection
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string...
CVE-2009-4646
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string...
CVE-2009-4644
Accellion Secure File Transfer Appliance before 80105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program...
CVE-2010-0289
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...
CVE-2010-0637
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that (1) delete an event or (2) ban an IP address from posting via unknown vectors. NOTE: some of these...
SQL injection
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter...
PT-2010-2032 · Microsoft · Windows Server 2003 +7
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2. Description: The issue is related to the SMB...