110 matches found
UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability
No description provided by source. Title : UPublisher 1.0 viewarticle.asp Remote SQL Injection Vulnerability Author : ajann Dork : UPublisher Vendor: http://www.superfreaker.com/ http://target/path//viewarticle.asp?ID=SQL Example:...
HP-UX PHNE_30224 : HP-UX sendmail, Remote Unauthorized Privileged Access (HPSBUX00281 SSRT3631 rev.11)
s700800 11.04 VVOS sendmail1m 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. %NASLMINLEVEL 70300 C Tenable...
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion / source: https://www.securityfocus.com/bid/10746/info Kleinanzeigen is prone to a file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerab...
Easy Chat Server 1.x - Multiple Denial of Service Vulnerabilities
source: https://www.securityfocus.com/bid/10649/info It is reported that Easy Chat Server is susceptible to multiple denial of service vulnerabilities. The chat software is implemented as a web server serving a chat web application to clients. The software is reported to contain two denial of...
PWebServer 0.3.x - Directory Traversal
PWebServer 0.3.x - Directory Traversal source: https://www.securityfocus.com/bid/9817/info It has been reported that PWebServer is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied URI requests. Information...
BolinTech DreamFTP Server 1.2 (1.02TryFTP 1.0.0.1) - Remote User Name Format String
BolinTech DreamFTP Server 1.2 1.02TryFTP 1.0.0.1 - Remote User Name Format String include include include include // WIN NT/2K/XP cmd.exe shellcode // kernel32.dll baseaddress calculation: OS/SP-independent // string-save: 00, 0a and 0d free. // portbinding: port 28876 // looping: reconnect after...
CVE-2004-0033
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command...
XtremeASP PhotoGallery 2.0 - 'Adminlogin.asp' SQL Injection
source: https://www.securityfocus.com/bid/9438/info XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied input for username and password values before including i...
.netCART Settings.XML - Information Disclosure
.netCART Settings.XML - Information Disclosure source: https://www.securityfocus.com/bid/8210/info .netCART is a web based e-commerce and shopping cart site designed for ASP.NET. It has been alleged that .netCART fails to adequately protect the contents of a directory in a default install. It is...
CVE-2002-0567
Oracle 8i and 9i with PL/SQL package for External Procedures EXTPROC allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process...
CVE-2002-1558
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet...
PHP-Board 1.0 - User Password Disclosure
PHP-Board 1.0 - User Password Disclosure source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain acce...
Lib CGI 0.1 - Include Buffer Overflow
// source: https://www.securityfocus.com/bid/6264/info Lib CGI is a freely available, open source CGI library for C programmers. It is available for Unix and Linux operating systems. It has been reported that a buffer overflow exists in the Lib CGI development library. Due to improper bounds...
ATP HTTPd 0.4 - Single Byte Buffer Overflow
ATP HTTPd 0.4 - Single Byte Buffer Overflow // source: https://www.securityfocus.com/bid/5956/info ATP httpd is a lightweight HTTP server. A vulnerability has been reported in ATP httpd that may result in compromise of root access to remote attackers. It is possible to overwrite the least...
CVE-2002-1084
The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests...
CVE-2002-0888
3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router...
dotProject 0.2.1 - User Cookie Authentication Bypass
dotProject 0.2.1 - User Cookie Authentication Bypass source: https://www.securityfocus.com/bid/5347/info dotproject is prone to an issue which may allow remote attackers to bypass authentication and gain administrative access to the software. This may be accomplished by submitting a maliciously...
Multiple Remote Windows XP/ME/98 Vulnerabilities
Multiple Remote Windows XP/ME/98 Vulnerabilities Release Date: 12/20/01 Severity: High Systems Affected: Microsoft Windows XP All default systems Microsoft Windows 98 Certain configurations Microsoft Windows 98SE Certain configurations Microsoft Windows ME Certain configurations Description:...
CVE-2001-0694
Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command...
IRIX 5.36.x - netprint Arbitrary Shared Library Usage
IRIX 5.36.x - netprint Arbitrary Shared Library Usage // source: https://www.securityfocus.com/bid/2656/info The 'netprint' utility shipped with SGI Irix systems is used to send print jobs to print spoolers on remote hosts. It is installed setuid root by default. At the command line, 'netprint'...