7018 matches found
Working Resources BadBlue 1.7.x/2.x - Unauthorized HTS Access
source: https://www.securityfocus.com/bid/7638/info BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access to administrative functions. It is possible to bypass BadBlue security checks when '.hts' files are requested by a remote user. BadBlue restricts...
Cisco Catalyst switches allow access to "enable mode" without password
Overview Cisco Catalyst OS 7.51 contains a vulnerability that allows anyone who can obtain command line access to gain "enable" mode access without knowledge of the "enable" password. Description Cisco Catalyst OS is an operating system for Cisco's line of Catalyst switches. Version 7.51 of...
Libopt.a 3.1x - Error Logging Buffer Overflow (2)
Libopt.a 3.1x - Error Logging Buffer Overflow 2 source: https://www.securityfocus.com/bid/7433/info Libopt library has been reported prone to a buffer overflow vulnerability. It has been reported that several Libopt.a error logging functions, may be prone to buffer overflow vulnerabilities when...
Libopt.a 3.1x - Error Logging Buffer Overflow (1)
Libopt.a 3.1x - Error Logging Buffer Overflow 1 / source: https://www.securityfocus.com/bid/7433/info Libopt library has been reported prone to a buffer overflow vulnerability. It has been reported that several Libopt.a error logging functions, may be prone to buffer overflow vulnerabilities when...
CVE-2002-0185
The CVE-2002-0185 issue affects Apache mod_python versions 2.7.6 and earlier, where a module indirectly imported by a published module can be accessed via the publisher, allowing remote attackers to call potentially dangerous functions from the imported module. The OpenVAS/NVD/CVE listings corrob...
CVE-2002-0185
modpython version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module...
CVE-2002-0359
Summary of the CVE-2002-0359 (IRIX xfsmd): The SGI XFS journaling file-system daemon (xfsmd), part of the optional eoe.sw.xfsmserv package on IRIX 6.5, uses a weak (default) AUTH_UNIX RPC authentication mechanism. This allows remote, unauthenticated attackers to invoke privileged RPC functions (i...
Beanwebb Guestbook 1.0 - Unauthorized Administrative Access
Beanwebb Guestbook 1.0 - Unauthorized Administrative Access source: https://www.securityfocus.com/bid/7232/info A vulnerability has been reported for Guestbook that may allow remote attackers to obtain unauthorized access to administrative functions. The vulnerability is likely due to insufficien...
Beanwebb Guestbook 1.0 - Unauthorized Administrative Access
source: https://www.securityfocus.com/bid/7232/info A vulnerability has been reported for Guestbook that may allow remote attackers to obtain unauthorized access to administrative functions. The vulnerability is likely due to insufficient permissions on the 'admin.php' script file...
Multiple PHP problems
Local integer overflow in socketiovecalloc may be exploited if PHP is compiled with --enable-sockets option. Memory allocation troubles. Buffer overflow in openlog...
CVE-2003-0151
CVE-2003-0151 affects BEA WebLogic Server and Express versions 6.0–7.0. The vulnerability is an access-control flaw in internal admin servlets that may allow remote attackers to read arbitrary files or execute arbitrary code. The connected sources confirm the affected products and the nature of t...
SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express
Remote Administration of BEA WebLogic Server and Express Release Date: March 18, 2003 Severity: High Systems Affected: • WebLogic Server and Express 6.0 • WebLogic Server and Express 6.1 • WebLogic Server and Express 7.0 Description: SPI Labs and S21sec have identified a serious vulnerability tha...
Nuked-klaN 1.3 - Remote Information Disclosure
Nuked-klaN 1.3 - Remote Information Disclosure source: https://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due t...
Nuked-klaN 1.3 - Remote Information Disclosure
source: https://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficient sanitization of user-supplied UR...
CVE-2003-0074
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions 1 debuglog, 2 errorlog, and 3 infolog...
CVE-2003-0074
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions 1 debuglog, 2 errorlog, and 3 infolog...
CVE-2003-0074
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions 1 debuglog, 2 errorlog, and 3 infolog...
CVE-2003-0074
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions 1 debuglog, 2 errorlog, and 3 infolog...
Oracle 9.x - Database Statement Buffer Overflow
Oracle 9.x - Database Statement Buffer Overflow source: https://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIMEZONE parameter, NUMTOYMINTERVAL,...
HTTP TRACE / TRACK Methods Allowed
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. This script was written by Thomas Reinke Improvements re TRACK and RFP reference courtesy of Improvements by rd - httpget to get full HTTP/1.1 support,...