2692 matches found
XCMS 1.83 - Remote Command Execution
Name : XCMS So the xcms allow you to modify the footer throught a bugged page called cpie.php included in the admin panel. So let's take a look to the bugged code. So with a simple html form we can change the footer. Ex: /textarea input type=...
FreeBSD : gallery2 -- multiple vulnerabilities (9b718b82-8ef5-11dc-8e42-001c2514716c)
Gallery project reports : Gallery 2.2.3 addresses the following security vulnerabilities : - Unauthorized renaming of items possible with WebDAV reported by Merrick Manalastas - Unauthorized modification and retrieval of item properties possible with WebDAV - Unauthorized locking and replacing of...
CVE-2007-3591
The CVE-2007-3591 issue affects Elite Bulletin Board, prior to version 1.0.10, in the Profile.php handling. The root cause is described as missing authorization checks on a remote form, enabling remote modification of profile information via unspecified vectors. Impact is limited to unauthorized ...
CVE-2007-0472
Multiple race conditions in Smb4K before 0.8.0 allow local users to 1 modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the removelockfile function in core/smb4kfileio.cpp, and 2 add lines to the sudoers file via a symlink attack on...
CVE-2005-0771
VERITAS Backup Exec Server beserver.exe 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106...
MidiCart PHP - 'Item_List.php?MainGroup' SQL Injection
source: https://www.securityfocus.com/bid/13513/info MidiCart PHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data...
GLSA-200411-09 : shadow: Unauthorized modification of account information
The remote host is affected by the vulnerability described in GLSA-200411-09 shadow: Unauthorized modification of account information Martin Schulze reported a flaw in the passwdcheck function in 'libmisc/pwdcheck.c' which is used by chfn and chsh. Impact : A logged-in local user with an expired...
shadow: Unauthorized modification of account information
Background shadow provides a set of utilities to deal with user accounts. Description Martin Schulze reported a flaw in the passwdcheck function in "libmisc/pwdcheck.c" which is used by chfn and chsh. Impact A logged-in local user with an expired password may be able to use chfn and chsh to chang...
Apache Tomcat 4.1.x < 4.1.40 / 5.5.x < 5.5.28 / 6.0.x < 6.0.20 Multiple Vulnerabilities
Binary data 5044.pasl...
Security Advisory: Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability Revision 1.0: INTERIM For Public Release 2001 February 27 04:00 US/Eastern UTC+0500 Summary Cisco IOS software releases based on versions 11.x and 12.0 contain a defe...
CVE-2000-0483
The CVE-2000-0483 entry concerns the Zope DocumentTemplate package in Zope 2.2 and earlier. The issue allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization (unauthenticated write), representing a potential for content tampering. The root cause is a lack of proper a...
CVE-2000-0483
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization...