
4421 matches found

CVE
added 2007/04/16 9:0 p.m. | 43 views

CVE-2007-2033

Summary (CVE-2007-2033) : Cisco Wireless Control System (WCS) is affected by an unspecified vulnerability in versions before 4.0.81.0. The issue allows remote authenticated users to read any configuration page by changing the group membership of user accounts (Bug ID CSCse78596). The NVD entry li...

CVSS 6.5 | AI score 6.1 | EPSS 0.01341
Exploits 0 | References 7 | Affected Software 1
CVE
added 2007/04/12 7:0 p.m. | 49 views

CVE-2003-1325

The CVE affects Valve Software’s Half-Life CSTRIKE Dedicated Server. The SV_CheckForDuplicateNames function in versions such as 1.6 and earlier is vulnerable when handling a connection string to UDP port 27015, where a backslash character at the end of the string can trigger an infinite loop and ...

CVSS 5.2 | AI score 6.4 | EPSS 0.02608
Exploits 1 | References 2 | Affected Software 1
Prion
added 2007/04/11 10:19 a.m. | 12 views

Default credentials

member.php in MyBB aka MyBulletinBoard, when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a dolostpw action, which prints the change password verification code in the...

CVSS 6 | AI score 7.1 | EPSS 0.00945
Exploits 0 | References 3 | Affected Software 2
CVE
added 2007/04/06 1:0 a.m. | 52 views

CVE-2007-1882

The CVE-2007-1882 entry affects HP Mercury Quality Center 9.0, build 9.1.0.4352. The vulnerability lies in qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment, where remote authenticated users can execute arbitrary SQL commands via the RunQuery method. Documents confirm the affected component and t...

CVSS 6.5 | AI score 7.6 | EPSS 0.06102
Exploits 0 | References 7 | Affected Software 1
CVE
added 2007/04/06 1:0 a.m. | 93 views

CVE-2007-0957

CVE-2007-0957 involves a stack-based buffer overflow in the krb5_klog_syslog function of the MIT Kerberos 5 kadm5 library used by kadmind and the KDC. The vulnerability arises from a boundary/format handling issue, enabling remote authenticated users to execute arbitrary code and modify the Kerbe...

CVSS 9 | AI score 9.6 | EPSS 0.10327
Exploits 1 | References 37 | Affected Software 1
Tenable Nessus
added 2007/04/05 12:0 a.m. | 54 views

Kerberos telnet Crafted Username Remote Authentication Bypass

An authentication bypass vulnerability exists in the MIT krb5 telnet daemon due to a failure to sanitize malformed usernames. This allows usernames beginning with '-e' to be interpreted as a command-line flag by the login.krb5 program. A remote attacker can exploit this, via a crafted username, t...

CVSS 10 | AI score 8.1 | EPSS 0.29842
Exploits 1 | References 2
RedHat Linux
added 2007/04/03 7:10 p.m. | 5 views

xserver XC-MISC integer overflow

Integer overflow in ALLOCATELOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server xserver 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption...

CVSS 9 | AI score 7.8 | EPSS 0.05248
Exploits 0 | References 4
RedHat Linux
added 2007/04/03 6:20 p.m. | 6 views

krb5_klog_syslog() stack buffer overflow

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via...

CVSS 9 | AI score 7.8 | EPSS 0.10327
Exploits 1 | References 4
Cvelist
added 2007/04/03 12:0 a.m. | 17 views

CVE-2007-1836

The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands...

AI score 7.4 | EPSS 0.02379
Exploits 0 | References 6
NVD
added 2007/03/20 10:19 p.m. | 15 views

CVE-2007-1554

Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) adminmail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. NOTE: the provenance of this...

CVSS 6.8 | AI score 6.7 | EPSS 0.01052
Exploits 0 | References 2
exploitpack
added 2007/03/15 12:0 a.m. | 19 views

Orion-Blog 2.0 - Remote Authentication Bypass

Orion-Blog v2.0 Version Remote Privilege Escalation Exploit function ps unique.action=""+document.unique.site.value+"/admin/AdminBlogNewsEdit.asp"; unique.submit; --- Orion-Blog v2.0 Version Remote Privilege Escalation Exploit --- Site Address :...

AI score 0.5
Exploits 0
Exploit DB
added 2007/03/15 12:0 a.m. | 31 views

Orion-Blog 2.0 - Remote Authentication Bypass

Orion-Blog v2.0 Version Remote Privilege Escalation Exploit function ps unique.action=""+document.unique.site.value+"/admin/AdminBlogNewsEdit.asp"; unique.submit; --- Orion-Blog v2.0 Version Remote Privilege Escalation Exploit --- Site Address : UniquE-KeyUniquE-Cracker [email protected]...

AI score 7.4
Exploits 0
NVD
added 2007/03/13 10:19 p.m. | 16 views

CVE-2007-0723

Unspecified vulnerability in the authentication feature for DirectoryService DS Plug-Ins for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors...

CVSS 8.5 | AI score 6.3 | EPSS 0.03764
Exploits 0 | References 9
NVD
added 2007/03/13 7:19 p.m. | 14 views

CVE-2007-1437

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution...

CVSS 9 | AI score 6.7 | EPSS 0.03417
Exploits 0 | References 4
securityvulns
added 2007/03/12 12:0 a.m. | 37 views

Wiki Remote Authentication Bypass Vulnerability

The Exploit Works 100% of the time. It really is up to the admin to add security like locking a page to prevent editing. There are Two ways of having this Exploit work. One is simply add the code example 1 after the Page you wanna test or if that...

AI score 1
Exploits 0
NVD
added 2007/03/07 8:19 p.m. | 17 views

CVE-2006-7141

Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line...

CVSS 6 | AI score 5.9 | EPSS 0.05651
Exploits 1 | References 4
NVD
added 2007/03/07 8:19 p.m. | 15 views

CVE-2006-7138

SQL injection vulnerability in wwvflowutilities.genpopuplist in the WWVFLOWUTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the PLOV parameter and calculating a matching MD5 checksum for the PLOVCHECKSUM parameter. NOTE: i...

CVSS 6 | AI score 7.2 | EPSS 0.01281
Exploits 1 | References 6
Positive Technologies
added 2007/03/07 12:0 a.m. | 3 views

PT-2007-1419 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server (affected versions not specified). Description: The issue allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as utl_file.put_line and utl_file.get_line when u...

CVSS 6 | AI score 6.7 | EPSS 0.05651
Exploits 1 | References 6
Prion
added 2007/03/03 8:19 p.m. | 19 views

Sql injection

SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the pskin parameter to index.php...

CVSS 6.5 | AI score 8.5 | EPSS 0.00946
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2007/03/03 8:0 p.m. | 19 views

CVE-2007-1254

SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the pskin parameter to index.php...

AI score 8 | EPSS 0.00946
Exploits 0 | References 5