66 matches found
CVE-2001-1537
The CVE concerns TWIG webmail versions 2.7.4 and earlier where the default 'basic' security setting in config.php stores cleartext usernames and passwords in cookies. This could allow an attacker to obtain authentication information and gain privileges. The PT-2001-2622 entry reiterates the affec...
e107 search.php search_info Parameter Traversal Arbitrary File Inclusion
The version of e107 installed on the remote host is affected by a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input to the 'searchinfo' parameter of the 'search.php' script. This vulnerability could allow a remote, unauthenticated attacker to view...
CVE-2001-0104
MDaemon Pro 3.5.1 and earlier have a local privilege bypass: a user can bypass the "lock server" security setting by pressing Cancel at the password prompt and then pressing Enter. The available documents confirm the affected product and UI-based trigger, but do not provide concrete mitigation st...
CVE-2000-0562
BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, fail to block Back Orifice traffic when the security setting is Nervous or lower. The CVE-2000-0562 entry documents this condition for these products, indicating a partial confidentiality, integrity, and availability impact w...
CVE-2000-0562
BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower...
CVE-1999-1241
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object...