1081 matches found
CVE-2002-2132
CVE-2002-2132 concerns Windows File Protection (WFP) in Windows 2000 and XP. The vulnerability arises because WFP does not remove old security catalog (.CAT) files, enabling local attackers to replace legitimate, updated files with older, vulnerable versions that still have valid hash codes. The ...
CVE-2005-3399
Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...
CVE-2005-3399
CVE-2005-3399 relates to an interpretation error in CAT-QuickHeal 8.0 where a file type misclassification occurs due to an “MZ” magic-byte sequence (typically EXE) present in BAT/HTML/EML content. This causes the file to be treated as a safe type that could still be executed as a dangerous file o...
CVE-2004-2509
Infopop UBB.Threads exposes XSS in multiple pages. Affected versions include 6.2.3 and 6.5, with vulnerable scripts calendar.php, login.php, and online.php. The underlying issue is cross-site scripting via the Cat parameter, enabling remote attackers to inject arbitrary script/HTML into a user’s ...
CVE-2004-2509
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter...
CVE-2004-2510
Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter...
CVE-2005-3231
Multiple interpretation error in unspecified versions of CAT Quick Heal allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even...
CVE-2005-3231
CAT Quick Heal is affected by a vulnerability described as a multiple interpretation error in unspecified versions, allowing remote attackers to bypass virus detection. The attack involves a malicious executable contained in a specially crafted RAR file with malformed central and local headers, w...
CVE-2003-1231
CVE-2003-1231: Cross-site scripting (XSS) in ECW-Shop 5.5 (index.php) allows remote attackers to inject arbitrary script/HTML via the cat parameter. The provided sources describe the vulnerability but do not include explicit exploit code, affected versions beyond 5.5, or remediation steps. No add...
CVE-2003-1231
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2002-1821
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) adminmembers.php, (2) adminconfig.php, (3) admincat.php, or (4) adminforum.php...
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...
CVE-2005-1196
SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter...
CVE-2005-0914
Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter...
CVE-2004-1553
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName paramet...