4421 matches found

Cvelist
added 2009/03/25 6:00 p.m. | 21 views

CVE-2008-6524

resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication...

AI score 6.3 | EPSS 0.02037
Exploits: 1 | References: 4
CVE
added 2009/03/25 6:00 p.m. | 39 views

CVE-2008-6524

CVE-2008-6524 affects openInvoice 0.90 beta and earlier. It allows remote authenticated users to change arbitrary user passwords via a modified uid parameter in resetpass.php. The description notes this can be leveraged with a separate vulnerability in auth.php to modify passwords w...

CVSS 6.5 | AI score 6.5 | EPSS 0.02037
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2009/03/25 3:30 p.m. | 21 views

Design/Logic Flaw

Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and...

CVSS 9 | AI score 7.4 | EPSS 0.03441
Exploits: 0 | References: 10 | Affected Software: 1
Prion
added 2009/03/25 3:30 p.m. | 16 views

Default credentials

The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the...

CVSS 6.5 | AI score 6.8 | EPSS 0.02475
Exploits: 1 | References: 10 | Affected Software: 1
CVE
added 2009/03/25 3:00 p.m. | 52 views

CVE-2009-1077

The CVE-2009-1077 entry concerns Sun Java System Identity Manager (IdM) 7.0–8.0. The admin Change My Password functionality fails to enforce the RequiresChallenge setting, enabling remote authenticated users to change other users’ passwords, demonstrated by altering the administrator account. Doc...

CVSS 6.5 | AI score 6.5 | EPSS 0.02475
Exploits: 1 | References: 10 | Affected Software: 1
CVE
added 2009/03/25 3:00 p.m. | 47 views

CVE-2009-1078

CVE-2009-1078 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is that the product does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, allowing remote authenticated users to have an unspecified impact. The available co...

CVSS 4 | AI score 6.6 | EPSS 0.01796
Exploits: 1 | References: 7 | Affected Software: 1
OpenVAS
added 2009/03/23 12:00 a.m. | 24 views

Ubuntu Update for gnome-screensaver vulnerabilities USN-669-1

Ubuntu Update for Linux kernel vulnerabilities USN-669-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6691.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for gnome-screensaver vulnerabilities USN-669-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

CVSS 4.7 | AI score 6.5 | EPSS 0.01336
Exploits: 4 | References: 2
Cvelist
added 2009/03/20 6:00 p.m. | 17 views

CVE-2008-6502

Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to (1) an individual user o...

AI score 6.2 | EPSS 0.01496
Exploits: 0 | References: 4
NVD
added 2009/03/19 10:30 a.m. | 10 views

CVE-2009-0967

The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument...

CVSS 4 | AI score 6.3 | EPSS 0.07026
Exploits: 0 | References: 3
CVE
added 2009/03/16 4:00 p.m. | 48 views

CVE-2008-6474

The CVE-2008-6474 issue affects F5 BIG-IP 9.4.3 (management CLI/Web interface). The vulnerability is a remote code-injection where remote authenticated users with Resource Manager privileges can exploit unsanitized input related to Perl EP3 templates to create arbitrary Perl code execution with t...

CVSS 9 | AI score 7 | EPSS 0.02709
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2009/03/04 5:30 p.m. | 12 views

CVE-2009-0809

The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object...

CVSS 3.5 | AI score 6.2 | EPSS 0.00856
Exploits: 0 | References: 4
Prion
added 2009/03/04 5:30 p.m. | 15 views

Design/Logic Flaw

Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors...

CVSS 6.5 | AI score 6.7 | EPSS 0.01096
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2009/03/03 4:00 p.m. | 17 views

CVE-2009-0759

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...

AI score 6.6 | EPSS 0.02095
Exploits: 1 | References: 7
Cvelist
added 2009/02/26 4:00 p.m. | 39 views

CVE-2009-0615

Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A32.1 allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."...

AI score 6.2 | EPSS 0.02035
Exploits: 1 | References: 3
Prion
added 2009/02/25 4:30 p.m. | 13 views

Code injection

The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for a forcepurge acknowledgement from the CICS Application Server (CICSAS) after an eci response timeout, which might allow remote authenticated users to cause a denial of service (forcepurge handling delay), or have unspecified other...

CVSS 9 | AI score 7 | EPSS 0.01788
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2009/02/23 3:00 p.m. | 37 views

CVE-2009-0700

CVE-2009-0700 affects Plunet BusinessManager 4.1 and earlier. Remote authenticated users can bypass access restrictions to read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or enumerate sensitive Jobs via a direct request to pagesUTF8/auftrag_job...

CVSS 4 | AI score 6.3 | EPSS 0.02511
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2009/02/22 10:00 p.m. | 22 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

AI score 7.4 | EPSS 0.0265
Exploits: 1 | References: 6
NVD
added 2009/02/17 5:30 p.m. | 15 views

CVE-2009-0359

Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name...

CVSS 3.5 | AI score 5.4 | EPSS 0.01019
Exploits: 1 | References: 6
Prion
added 2009/02/17 5:30 p.m. | 15 views

Design/Logic Flaw

Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages...

CVSS 6 | AI score 6.8 | EPSS 0.01504
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve
added 2009/02/13 1:30 a.m. | 23 views

CVE-2008-6125

Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors...

CVSS 6.5 | AI score 5.9 | EPSS 0.01501
Exploits: 0 | References: 1