1620 matches found
CVE-2005-3849
CVE-2005-3849 describes a cross-site scripting (XSS) vulnerability in the Search module of PmWiki up to version 2.0.12. The issue allows remote attackers to inject arbitrary web script or HTML via the q parameter. The available sources confirm the vulnerability and its description, but do not pro...
XOOPS (wfdownloads) 2.05 Module - Multiple Vulnerabilities
?php / rgod: http://target/pathtoxoops/class/xoopseditor/textarea/editorregistry.php?xoopsConfiglanguage=../../../../../../../../../../script http://target/pathtoxoops/class/xoopseditor/textarea/editorregistry.php?xoopsConfiglanguage=../../../../../../../../../../boot.ini%00...
mod_access_referer 1.0.2 NULL pointer dereference
The remote web server may be using a mod_access_referer Apache module which contains a NULL pointer dereference bug. Abuse of this vulnerability can possibly be used in denial of service attacks against affected systems. OpenVAS Vulnerability Test $Id: modaccessreferer.nasl 8023 2017-12-07...
Topic Calendar XSS
The remote web server is running Topic Calendar, a module for phpBB which adds calendaring support to phpBB. This script is vulnerable to a cross-site scripting issue. SPDX-FileCopyrightText: 2005 Noam Rathaus. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright ...
RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection
source: https://www.securityfocus.com/bid/14631/info RunCMS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the...
CVE-2004-2294
CVE-2004-2294 affects PHP-Nuke 6.0 through 7.3, where the send_review function in the Reviews module has a canonicalize-before-filter error. Text parameter processing allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences after the text is checked for dangero...
CVE-2004-2297
The CVE-2004-2297 case concerns the Reviews module of PHP-Nuke versions 6.0 through 7.3. The vulnerability is a denial of service caused by a large, out-of-range score parameter that can consume CPU and memory. The available sources (NVD, CVE lists) describe the impact as a CPU/memory DoS but do ...
Linux Mettle x86, Find Tag Stager
Inject the mettle server payload (staged). Use an established connection. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework FindTag ------- Linux find tag stager. module MetasploitModule CachedSize = 37 include...
Microsoft Color Management Module buffer overflow during profile tag validation
Overview: Microsoft Color Management Module contains a flaw that may allow an attacker to execute arbitrary code. Description: The Microsoft Color Management Module provides consistent color management operations between applications and devices, and transforms between colorspaces such as 'RGB' and...
CVE-2004-1980
Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a .. (dot dot) in the (1) module or (2) format variables...
CVE-2004-1972
CVE-2004-1972: SQL injection in PHP-Nuke Video Gallery Module 0.1 Beta 5 (modules.php) allows remote attackers to inject arbitrary SQL via clipid or catid parameters in viewclip, viewcat, or voteclip actions. Vulnerable component is the module’s handling of these parameters, enabling unauthorized...
USN-118-1: PostgreSQL vulnerabilities
It was discovered that unprivileged users were allowed to call internal character conversion functions. However, since these functions were not designed to be safe against malicious choices of argument values, this could potentially be exploited to execute arbitrary code with the privileges of th...
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
The installed version of phpBB on the remote host includes a photo album module that has multiple vulnerabilities: - A SQL Injection Vulnerability An attacker can pass arbitrary SQL code through the 'mode' parameter of the 'albumsearch.php' script to manipulate database queries. - Various...
PHP-Nuke 7.6 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13025/info PHP-Nuke is reportedly affected by multiple cross-site scripting vulnerabilities in the Web_Links Module. These issues are due to a failure in the application to proper...
CVE-2005-0089
CVE-2005-0089 affects the SimpleXMLRPCServer library in Python 2.2, 2.3 before 2.3.5, and 2.4. When an XML-RPC server registers an object via register_instance that lacks a _dispatch method, remote attackers could read or modify globals of the target module and potentially execute arbitrary code ...
CVE-2004-0244
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet...
CVE-2004-0041
The CVE-2004-0041 issue affects mod_auth_shadow (versions 1.4 and earlier). The root cause is improper enforcement of account/password expiration, allowing remote authenticated users to bypass access restrictions. Documents from multiple sources (SUSE, Debian DSA-421, Debian security notes, and O...
CVE-2002-0560
Oracle 9i Application Server 1.0.2.x with PL/SQL module 3.0.9.8.2 exposes OWA_UTIL procedures (signature, listprint, show_query_columns) to remote attackers, enabling information disclosure. Affected component is the PL/SQL gateway (mod_plsql) in Oracle 9iAS; exploitation involves unauthenticated ...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via Database Access Descriptor password
Overview: A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). Specifying a crafted password for a Database Access Descriptor (DAD) could cause a denial of service or execute arbitrary code with the...