4421 matches found

CVE
added 2007/07/06 7:00 p.m., 35 views

CVE-2005-4854

CVE-2005-4854 affects eZ publish versions 3.5–3.7 prior to 2005-08-30. The root cause is that a folder’s read permissions are not used to restrict notifications, allowing remote authenticated users to view sensitive information about changes to content in arbitrary folders. The connected sources ...

CVSS 5, AI score 5.8, EPSS 0.01124
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2007/06/29 6:00 p.m., 57 views

CVE-2007-3494

CVE-2007-3494 affects Papoo CMS 3.6 and possibly earlier. The vulnerability stems from a missing privilege check in backend administration plugin access (via interna/plugin.php and a devtools/templates/newdump_backend.html argument), enabling remote authenticated users to perform actions beyond t...

CVSS 6.8, AI score 6.3, EPSS 0.02052
Exploits: 0, References: 7, Affected Software: 1

UbuntuCve
added 2007/06/26 10:30 p.m., 33 views

CVE-2007-2798

Stack-based buffer overflow in the renameprincipal2svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal...

CVSS 9, AI score 7.7, EPSS 0.07519
Exploits: 1, References: 2

Prion
added 2007/06/26 10:30 p.m., 21 views

Stack overflow

Stack-based buffer overflow in the renameprincipal2svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal...

CVSS 9, AI score 7.5, EPSS 0.07519
Exploits: 1, References: 53, Affected Software: 3

Cvelist
added 2007/06/26 10:00 p.m., 25 views

CVE-2007-2798

Stack-based buffer overflow in the renameprincipal2svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal...

AI score 9.3, EPSS 0.07519
Exploits: 1, References: 53

Tenable Nessus
added 2007/06/21 12:00 a.m., 18 views

Mandrake Linux Security Advisory : proftpd (MDKSA-2007:130)

The Auth API in ProFTPD, when multiple simultaneous authentication modules are configured, did not require that the module that checks authentication is the same module that retrieves authentication data, which could possibly be used to allow remote attackers to bypass authentication. The updated...

CVSS 5.1, AI score 5.5, EPSS 0.12516
Exploits: 0, References: 1

NVD
added 2007/06/20 9:30 p.m., 21 views

CVE-2007-3295

Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variabl...

CVSS 6.5, AI score 7.3, EPSS 0.01419
Exploits: 0, References: 6

NVD
added 2007/06/19 9:30 p.m., 22 views

CVE-2007-3280

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system...

CVSS 9, AI score 6.8, EPSS 0.2613
Exploits: 2, References: 6

Cvelist
added 2007/06/19 6:00 p.m., 19 views

CVE-2007-3260

HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges...

AI score 6.6, EPSS 0.03829
Exploits: 0, References: 7

UbuntuCve
added 2007/06/07 9:30 p.m., 24 views

CVE-2007-3113

Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graphheight or (2) graphwidth parameter, different vectors than CVE-2007-3112...

CVSS 6.8, AI score 5.9, EPSS 0.02743
Exploits: 1, References: 1

NVD
added 2007/05/24 7:30 p.m., 14 views

CVE-2007-2860

user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an editpost action...

CVSS 6.5, AI score 6.5, EPSS 0.01137
Exploits: 0, References: 5

CVE
added 2007/05/24 7:00 p.m., 48 views

CVE-2007-2860

Summary (CVE-2007-2860): BoastMachine 3.0 platinum’s user.php allows privilege escalation for remote authenticated users by tampering with the id parameter, as demonstrated by an edit_post action. The NVD entry lists a network attack with low complexity and partial confidentiality/integrity/availabili...

CVSS 6.5, AI score 6.5, EPSS 0.01137
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2007/05/24 7:00 p.m., 23 views

CVE-2007-2858

SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field...

AI score 8, EPSS 0.009
Exploits: 0, References: 4

NVD
added 2007/05/16 1:19 a.m., 11 views

CVE-2007-2700

The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information...

CVSS 4, AI score 6.1, EPSS 0.01713
Exploits: 0, References: 6

RedHat Linux
added 2007/05/14 3:18 p.m., 2 views

samba code injection

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute...

CVSS 6, AI score 7.7, EPSS 0.49759
Exploits: 14, References: 4

securityvulns
added 2007/05/04 12:00 a.m., 51 views

[ MDKSA-2007:097 ] - Updated xscreensaver packages fix vulnerability

Mandriva Linux Security Advisory MDKSA-2007:097 (http://www.mandriva.com/security/). Package: xscreensaver. Date: May 2, 2007. Affected: 2007.0, 2007.1, Corporate 3.0. Problem Description: A problem with the way xscreensaver verifies user passwords was...

CVSS 4.6, AI score 6, EPSS 0.00413
Exploits: 0

Tenable Nessus
added 2007/05/03 12:00 a.m., 25 views

Mandrake Linux Security Advisory : xscreensaver (MDKSA-2007:097)

A problem with the way xscreensaver verifies user passwords was discovered by Alex Yamauchi. When a system is using remote authentication (i.e. LDAP) for logins, a local attacker able to cause a network outage on the system could cause xscreensaver to crash, which would unlock the screen. Updated...

CVSS 4.7, AI score 5.3, EPSS 0.01336
Exploits: 2, References: 2

OSV
added 2007/05/02 10:19 a.m., 2 views

DEBIAN-CVE-2007-2437

The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a...

CVSS 5.5, AI score 6.2, EPSS 0.04401
Exploits: 0, References: 1

RedHat Linux
added 2007/05/01 2:10 p.m., 1 views

security flaw

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN)...

CVSS 2.3, AI score 5.9, EPSS 0.02658
Exploits: 0, References: 4

CVE
added 2007/04/18 2:20 a.m., 55 views

CVE-2007-2082

CVE-2007-2082 describes a direct static code injection vulnerability in admin/settings.php for MyBlog 0.9.8 and earlier. The issue allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. A separate vulnerability...

CVSS 6.5, AI score 6.9, EPSS 0.01152
Exploits: 0, References: 4, Affected Software: 1