1148 matches found
CVE-2005-4677
SQL injection vulnerability in additionalimages.php aka the Additional Images module before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the productsid parameter to productinfo.php...
CVE-2005-4003
Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions ASPS Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the 1 srchproductname parameter to advsearch.asp and 2 bsearch parameter to...
CVE-2005-3256
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...
CVE-2005-2937
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3663, CVE-2005-3664. Reason: this candidate was intended for one issue, but multiple advisories used this candidate for different issues. Notes: All CVE users should consult CVE-2005-3663 and CVE-2005-3664 to determine which ...
LiteWeb Web Server protection bypass
It's possible to bypass password protection by adding additional slashes to URL...
CVE-2004-0637
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible...
CVE-2005-1088
Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights...
CVE-2005-1088
The CVE-2005-1088 issue affects DameWare NT Utilities (v4.8 and earlier) and DameWare Mini Remote Control (v4.8 and earlier), describing a local privilege escalation. Multiple sources indicate an unspecified or local privilege-escalation vulnerability that allows an authenticated, non-administrat...
CVE-2004-1394
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the execattr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges...
CVE-2003-0458
Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges...
CVE-2003-0458
Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges...
Root directory access in Cisco Secure ACS
By adding additional slah to URL after hostname it's possible to address root folder...
CVE-2001-0560
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username 20 characters...
CVE-2001-0611
Becky!
CVE-2001-1003
Affected software : Respondus 1.1.2 for WebCT. Vulnerability : weak encryption used to remember usernames and passwords stored in WEBCT.SVR. Impact : local users who can read WEBCT.SVR can decrypt passwords and gain additional privileges. Remediation : not specified in the provided documents.
CVE-2001-0578
Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command...
CVE-2001-0565
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option...
CVE-2001-0594
kcmsconfigure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument...
CVE-2001-0587
deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command...
Проблема в Raptor (http proxing)
При разрешенном HTTP-прокси проксируются не только внутренние запросы наружу, но и наоборот, кроме того, проксируется ряд дополнительных портов...