4421 matches found
CVE-2007-6381
SQL injection vulnerability in the indexedsearch system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
123tkShop 0.9.1 - Remote Authentication Bypass
123tkShop 0.9.1 - Remote Authentication Bypass. By Michael Brooks. Vulnerability: SQL Injection. Software: 123tkShop. Homepage: http://sourceforge.net/projects/my123tkshop/. Affects Version 0.9.1. An attacker can gain Administrative rights with this authentication bypass exploit:...
123tkShop 0.9.1 Remote Authentication Bypass Vulnerability
Exploit for unknown platform in category web applications. 123tkShop 0.9.1 Remote Authentication Bypass Vulnerability. By Michael Brooks. Vulnerability: SQL Injection. Software: 123tkSh...
CVE-2007-6303
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER...
Critical: Red Hat Security Advisory: samba security update
Updated samba packages that fix a security issue are now available for Red Hat Enterprise Linux 4.5 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Samba is a suite of programs used by machines to share files, printers,...
CVE-2007-5976
SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...
CVE-2007-5924
Cross-site scripting (XSS) vulnerability in the Web Server HTTP task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-5926
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures...
PT-2007-6860 · Openbase · Openbase
Name of the Vulnerable Software and Affected Versions: OpenBase versions 10.0.5 and earlier. Description: The issue allows remote authenticated users to create files with arbitrary contents by utilizing a .. (dot dot) in the first argument to the GlobalLog stored procedure, potentially leading to th...
CVE-2004-2747
Technical details about CVE-2004-2747 are not publicly provided in the supplied documents. Monitor for updates for new information about affected products, remediation, or exploit activity.
CVE-2002-2415
The CVE-2002-2415 entry concerns Allied Telesyn AT-8024 (version 1.3.1) and Rapier 24 switches. The vulnerability allows remote authenticated users to cause a denial of service in the management interface by sending a stream of zero (null) bytes via UDP to a running service. Affected component: m...
CVE-2007-5731
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461...
CVE-2007-5700
The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information...
CVE-2007-5464
CVE-2007-5464 describes a stack-based buffer overflow in Live for Speed 0.5X10 and earlier. The vulnerability allows remote authenticated users to crash the client and potentially execute arbitrary code via a long skin name. Affected component is the client’s handling of skin names; root cause is...
Design/Logic Flaw
cpmemberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account...
CVE-2004-2700
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx...
NetSupport Manager Client Spoofing Remote Authentication Bypass
NetSupport Manager (NSM), a multi-platform remote control application, is installed on the remote host. According to its version, the NetSupport Manager client component on the remote host does not properly handle authentication sessions. A remote attacker may be able to leverage this issue to pose...
CVE-2007-4927
axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action...
CVE-2007-4888
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribu...