4938 matches found
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is pro...
Tunez 1.21 - 'songinfo.php?song_id' SQL Injection
source: https://www.securityfocus.com/bid/15548/info Tunez is prone to multiple input validation vulnerabilities. The application is affected by an SQL injection vulnerability and a cross-site scripting issue. Successful exploitation of the SQL injection issue could result in a compromise of the...
Tru-Zone Nuke ET 3.x - Search Module SQL Injection
source: https://www.securityfocus.com/bid/15519/info Nuke ET is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
PHPWCMS 1.2.5 -DEV - login.php?form_lang Traversal Arbitrary File Access
PHPWCMS 1.2.5 -DEV - login.php?formlang Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issu...
Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion
Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion source: https://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit...
PHPWCMS 1.2.5 -DEV - imgdir Traversal Arbitrary File Access
PHPWCMS 1.2.5 -DEV - imgdir Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain...
PHPFM Arbitrary File Upload
The remote host appears to be running PHPFM, a web-based file manager written in PHP. The version of PHPFM installed on the remote host allows anyone to upload arbitrary files and then to execute them subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network...
JPortal Web Portal 2.2.12.3.1 - comment.php SQL Injection
JPortal Web Portal 2.2.12.3.1 - comment.php SQL Injection source: https://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitati...
PHP3 Physical Path Disclosure Vulnerability
PHP3 will reveal the physical path of the webroot when asked for a non-existent PHP3 file if it is incorrectly configured. Although printing errors to the output is useful for debugging applications, this feature should not be enabled on production servers. OpenVAS Vulnerability Test $Id:...
myServer 0.4.3 / 0.7 Directory Traversal Vulnerability
This web server is running myServer Copyright: Copyright C 2003 Westpoint Ltd This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2, as published by the Free Software Foundation This program is distributed in the hope...
Generic format string
The remote service is vulnerable to a format string attack An attacker may use this flaw to execute arbitrary code on this host. OpenVAS Vulnerability Test $Id: miscformatstring.nasl 4750 2016-12-12 15:39:21Z cfi $ Generic format string Authors: Michel Arboi Copyright: Copyright C 2002 Michel Arb...
TelCondex Simple Webserver Buffer Overflow
The TelCondex SimpleWebserver is vulnerable to a remote executable buffer overflow, due to missing length check on the referer-variable of the HTTP-header. SPDX-FileCopyrightText: 2003 Matt North Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
WinSyslog (DoS)
A vulnerability in WinSyslog allows remote attackers to cause the WinSyslog to freeze, which in turn will also freeze the operating system on which the product executes. SPDX-FileCopyrightText: 2003 Matthew North Some text descriptions might be excerpted from a referenced sources, and are Copyrig...
WS_FTP Server < 3.1.2 Buffer Overflow Vulnerability
WSFTP Server is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2002 Digital Defense Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Serv-U FTP Server SITE CHMOD Command Stack Overflow Vulnerability
The remote host is running Serv-U FTP server. There is a bug in the way this server handles arguments to the SITE CHMOD requests. SPDX-FileCopyrightText: 2004 Astharot Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
AWStats < 6.3 'configdir' Parameter Arbitrary Command Execution Vulnerability - Active Check
AWStats is prone to a command execution vulnerability. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:awstats:awstats";...
Default password 'ibmdb2' for account 'db2fenc1' (SSH/Telnet)
The account SPDX-FileCopyrightText: 2003 Chris Foster Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.11861";...
Helix RealServer Buffer Overrun
RealServer 8.0 and earlier and Helix Server 9.0 is vulnerable to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2003 Montgomery County Maryland Government Security Team Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Titan FTP Server <= 2.02 Directory Traversal Vulnerability
Titan FTP Server is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
IlohaMail < 0.8.11 User Parameter Vulnerability
IlohaMail does not properly sanitize the SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilohamail:ilohamail"; ifdescription...