2226 matches found
CVE-2002-1884
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin"...
CVE-2005-0732
PY Software Active Webcam WebServer webcam.exe 5.5 allows remote attackers to obtain the full path of the web server via a request for a non-existent filename, which leaks the full path in an error message...
CVE-2005-0734
PY Software Active Webcam WebServer webcam.exe 5.5 allows remote attackers to cause a denial of service memory exhaustion and process crash via a large number of HTTP requests...
CVE-2005-0731
CVE-2005-0731 affects PY Software Active Webcam WebServer (webcam.exe) 5.5. A remote attacker can trigger a denial of service by requesting Filelist.html, leading to increased CPU usage and service impact. The NVD lists a base score of 5.0 (MEDIUM) with network attack vector and partial availabil...
CVE-2005-0730
PY Software Active Webcam WebServer webcam.exe 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt...
CVE-2005-0734
CVE-2005-0734 affects PY Software’s Active WebCam WebServer (webcam.exe) version 5.5. The available documents state that remote attackers can cause a denial of service through a flood of HTTP requests, leading to memory exhaustion and a process crash. The root cause is not explicitly detailed in ...
CVE-2005-0732
The CVE-2005-0732 entry concerns PY Software Active Webcam WebServer (webcam.exe) v5.5. Public sources (NVD) state that remote attackers can cause the server to disclose the full installation path by requesting a non-existent filename, leaking the path in an error message. This is classified with...
CVE-2005-0730
CVE-2005-0730 involves PY Software’s Active WebCam WebServer (webcam.exe) 5.5. The connected sources describe concrete issues: (1) Denial of Service by requesting a file on the floppy drive (A:\a.txt), (2) path disclosure via error messages revealing installation paths for nonexistent files, and ...
CVE-2005-0734
PY Software Active Webcam WebServer webcam.exe 5.5 allows remote attackers to cause a denial of service memory exhaustion and process crash via a large number of HTTP requests...
security flaw
Directory traversal vulnerability in the truepath function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences...
CVE-2003-1384
Cross-site scripting XSS vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the 1 titre, 2 Votre pseudo, 3 Votre e-mail, or 4 Votre message fields...
PY Software Active Webcam 4.3 - WebServer Cross-Site Scripting
PY Software Active Webcam 4.3 - WebServer Cross-Site Scripting source: https://www.securityfocus.com/bid/9261/info A vulnerability has been reported to be present in the software that may allow a remote attacker to execute HTML or script code in a user's browser. It has been reported that the...
CVE-2003-0751
SQL injection vulnerability in passdone.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter...
CVE-2003-0750
secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter...
CVE-2003-0751
SQL injection vulnerability in passdone.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter...
CVE-2003-0751
The CVE-2003-0751 entry concerns a SQL injection in pass_done.php affecting PY-Membres 4.2 and earlier. The vulnerability arises from unsafely handling the email parameter, allowing remote attackers to execute arbitrary SQL queries. The connected records confirm the core details (affected compone...
CVE-2003-0750
The CVE-2003-0750 entry concerns secure.php in PY-Membres 4.2 and earlier, where remote attackers can bypass authentication by setting the adminpy parameter. Affected component is the secure.php authentication logic in PY-Membres; the root cause is an authentication bypass via a crafted adminpy p...
Py-Membres 4.x - Secure.php Unauthorized Access
Py-Membres 4.x - Secure.php Unauthorized Access source: https://www.securityfocus.com/bid/8499/info A vulnerability has been reported for Py-Membres that allows remote attackers to obtain administrative privileges on vulnerable installations. Reportedly, Py-Membres does not fully check some URI...
Py-Membres 4.x - Pass_done.php SQL Injection
Py-Membres 4.x - Passdone.php SQL Injection source: https://www.securityfocus.com/bid/8500/info A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the passdone.php file...
Py-Membres 4.0 - SQL Injection
Py-Membres 4.0 - SQL Injection source: https://www.securityfocus.com/bid/7301/info A vulnerability has been reported for Py-Membres 4.0 that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the login.php file included with...