146 matches found
DEBIAN-CVE-2011-0402
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory...
PT-2010-1350 · Ruby +1 · Ruby +1
Name of the Vulnerable Software and Affected Versions: Ruby versions 1.8.6 through patchlevel 383; Ruby versions 1.8.7 through patchlevel 248; Ruby version 1.8.8dev; Ruby versions 1.9.1 through patchlevel 376; Ruby version 1.9.2dev. Description: The issue allows remote attackers to potentially modify ...
Zope 2.2 DTML Template and DTML Method Remote Modification Vulnerability
No description provided by source...
DEBIAN-CVE-2008-6755
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script...
CVE-2008-6755
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script...
MODx cross-site request forgery vulnerability
Overview: MODx, an open source content management system, contains a cross-site request forgery vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Debian DSA-1640-1 : python-django - several vulnerabilities
Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. This is possible regardless of the Django plugin to preven...
PT-2007-3317 · Bmc · Bmc Performance Manager
Name of the Vulnerable Software and Affected Versions: BMC Performance Manager (affected versions not specified). Description: The issue concerns a lack of authentication requirement for requests to modify configuration files. This could potentially allow remote attackers to execute arbitrary code b...
CVE-2006-6946
The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors...
Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit
No description provided by source. !/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 marcbevandatrapid7.com Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with o...
CVE-2004-1982
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field...
PT-2002-2428 · Cisco · Cisco Ios +2
Name of the Vulnerable Software and Affected Versions: Cisco IOS software versions 11.3 through 12.2. Description: The issue allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is...
CVE-2000-1001
CVE-2000-1001 affects Element InstantShop: the add_2_basket.asp endpoint allows remote attackers to modify price information via the hidden form variable price. The underlying issue is input/data integrity on the price field, enabling tampering before processing. The CVSS data assigns a base scor...
FreeBSD-SA-00:38.zope
FreeBSD-SA-00:38 Security Advisory, FreeBSD, Inc. Topic: zope port allows remote modification of DTML documents. Category: ports. Module: zope. Announced: 2000-08-14. Credits: Unknown...
CVE-2000-0108
The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields...
CVE-2000-0110
The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields...
CVE-2000-0103
The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields...
CVE-2000-0134
The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields...
CVE-2000-0136
The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields...
CVE-2000-0101
The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields...