4421 matches found
CVE-2008-0887
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859...
gnome-screensaver using NIS auth will unlock if NIS goes away
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859...
DEBIAN-CVE-2008-1657
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file...
CVE-2008-1627
CVE-2008-1627 affects CDS Invenio 0.92.1 and earlier. The issue allows remote authenticated users to delete email notification alerts of arbitrary users by modifying an internal UID. This is the explicit vulnerability described in the connected CVE records. The documents do not provide a remediat...
CVE-2008-1528
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which...
tomcat5 security update
CentOS Errata and Security Advisory CESA-2008:0042 Updated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Jav...
CVE-2008-1000
CVE-2008-1000 is a path traversal vulnerability in Mac OS X Server 10.5.2 (Leopard) Wiki Server. The issue resides in ContentServer.py and allows remote authenticated users to write arbitrary files by manipulating file attachments (.. sequences). Affected product: Wiki Server on Mac OS X Server 1...
CVE-2008-1301
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...
CVE-2008-1301
The CVE-2008-1301 entry concerns Alkacon OpenCms (versions 7.0.3 and 7.0.4). The vulnerability is an absolute path traversal in logfileViewSettings.jsp (path: system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp) that allows remote authenticated administrators to read arbitrary fi...
Absolute path traversal Apache Tomcat WEBDAV
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag...
CVE-2008-0946
The CVE-2008-0946 entry affects Ipswitch Instant Messaging (IM Server, aka IMserve/IMserver) up to version 2.0.8.1. The vulnerability is a directory traversal via ".." in the recipient field, permitting remote authenticated users to create arbitrary empty files. The NVD entry lists moderate sever...
CVE-2008-0897
The CVE-2008-0897 entry concerns BEA WebLogic Server versions 9.0–10.0. The vulnerability allows remote authenticated users lacking the RECEIVE permission to bypass access controls and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable...
Design/Logic Flaw
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify...
CVE-2008-0785
CVE-2008-0785 affects Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k. The vulnerability is due to multiple SQL injection flaws in the web frontend, exploitable by remote authenticated users via: (1) graph_view.php with graph_list, (2) tree.php with leaf_id and id, (3) graph_xport.php with loca...
CVE-2008-0785
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4)...
CVE-2003-1544
CVE-2003-1544 affects Terminal Services on Windows 2000 (pre-SP4) and Windows XP. The vulnerability is an unrestricted critical resource lock that allows remote authenticated users to trigger a denial-of-service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from loadi...
Anon Proxy Server 0.100/0.102 - Remote Authentication Buffer Overflow
Anon Proxy Server 0.100/0.102 - Remote Authentication Buffer Overflow source: https://www.securityfocus.com/bid/27593/info Anon Proxy Server is prone to a remote buffer-overflow vulnerability because the application fails to sufficiently bounds-check user-supplied input. Successful exploits allow...
Anon Proxy Server 0.100/0.102 - Remote Authentication Buffer Overflow
source: https://www.securityfocus.com/bid/27593/info Anon Proxy Server is prone to a remote buffer-overflow vulnerability because the application fails to sufficiently bounds-check user-supplied input. Successful exploits allow remote attackers to execute arbitrary code in the context of the...
CVE-2008-0549
Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via a long Ogg tag...