Design/Logic Flaw
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...
UBUNTU-CVE-2013-4729
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...
Default credentials
Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than...
CVE-2010-1916
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and...
PT-2009-5362 · Bingo! · Bingo!Cms
Name of the Vulnerable Software and Affected Versions: bingo!CMS versions 1.2 and earlier Description: A cross-site request forgery issue allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content. Recommendations: For versions 1.2...
EasyPHP 3.0 - Arbitrary Modify Configuration File
Bug: Arbitrary Modify Configuration File. Vendor: EasyPHP. Vendor URI: http://sourceforge.net/projects/quickeasyphp/. Product: EasyPHP 2.0. Author: Zigma zigmatn @ gmail.com http://NullArea.NET. Description: EasyPHP is a WAMP software bundle that...
CVE-2008-6690
Unspecified vulnerability in nepa-design.de Spam Protection ndantispam extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors...
GreaseKit and Creammonkey allows execution of userscript functions
Overview: GreaseKit and Creammonkey contain a vulnerability that can be exploited to execute functions for userscripts. GreaseKit and Creammonkey are plugins that enable user scripting in Safari and other Apple WebKit applications, and they provide APIs callable only from userscripts. GreaseKit a...
CVE-2008-0508
Cross-site request forgery (CSRF) vulnerability in deanspermalinksmigration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka deanpmconfigoldstructure) configuration setting as administrators via the oldstruct parameter in a...
CVE-2006-5905
Web Directory Pro allows remote attackers to (1) back up the database and obtain the backup via a direct request to admin/backupdb.php or (2) modify configuration via a direct request to admin/options.php...
PT-2004-1244 · Ibm · Lotus Notes & Domino
Name of the Vulnerable Software and Affected Versions: Lotus Notes Domino version 6.0.2 Description: The issue concerns a configuration file, specifically the notes.ini file, which is installed with world-writable permissions on Linux systems. This allows local users to modify the Notes...
CVE-2000-0515
The snmpd.conf configuration file for the SNMP daemon snmpd in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges...