208 matches found
CVE-2011-0533
Cross-site scripting XSS vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the...
Code injection
Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from ...
CVE-2010-4070
Integer overflow in librpc.dll in portmap.exe aka the ISM Portmapper service in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server IDS 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a...
CVE-2010-4068
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714...
Design/Logic Flaw
index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via 1 a viewadrates action with an invalid uid parameter, which reveals the installation path in an error message; or 2 an adminlogin action with a crafted uid parameter, which reveals the version number...
CVE-2010-2092
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...
Sql injection
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...
CVE-2010-2092
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...
Code injection
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to nowconnect.php...
Integer overflow
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager ISM Portmapper service aka portmap.exe, as used in IBM Informix Dynamic Server IDS 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execut...
CVE-2009-2753
Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager ISM Portmapper service aka portmap.exe, as used in IBM Informix Dynamic Server IDS 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a...
CVE-2009-2754
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager ISM Portmapper service aka portmap.exe, as used in IBM Informix Dynamic Server IDS 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execut...
CVE-2009-2753
Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager ISM Portmapper service aka portmap.exe, as used in IBM Informix Dynamic Server IDS 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a...
PhotoDiary 1.3 Local File Inclusion
PhotoDiary 1.3 lng Local File Inclusion Vulnerability Discovered by cOndemned download: http://code.google.com/p/photodiary/ source of /admin/install.php lines 9 - 15: if isset$GET'lng' $LNG = $GET'lng'; 1 else $LNG = "ITA"; include "../common/language".$LNG.".php"; 2 proof of concept:...
OSSIM 2.1.5 Command Execution
cybsec com / function wrap$url $ua = array'Mozilla','Opera','Microsoft Internet Explorer','Chrome','Safari','Konqueror'; $op = array'Windows 7','Windows XP','Ubuntu','Windows Vista','ReactOS','OSX','Minix'; $agent = $uarand0,3.'/'.rand1,8.'.'.rand0,9.' '.$oprand0,5.' '.rand1,7.'.'.rand0,9.';...
CVE-2009-4023
Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...
DEBIAN-CVE-2009-4023
Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...
CVE-2009-4023
Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...
Design/Logic Flaw
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter...
CVE-2009-3112
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter...