2326 matches found
ooComments 1.0 - classes/class_admin.php PathToComment Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28401/info ooComments is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and...
PHPList 2.8.12 Admin Page SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14403/info PHPList is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query. Successful exploitation could resul...
Microsoft Internet Explorer 7.0 HTML Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23178/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. This issue is triggered when an attacker entices a victim user to visit ...
Winace UnAce 2.2 Command Line Argument Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/9002/info UnAce has been reported to be prone to a buffer overflow vulnerability. The issue presents itself when UnAce handles ace filenames that are of excessive length. When this filename is passed to the UnAce utility ...
InnovaPortal msg.jsp msg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/26084/info InnovaShop is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
Alt-N WebAdmin 2.0.x USER Parameter Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/8024/info Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM level privileges. /...
BigACE 1.8.2 item_main.php GLOBALS Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute i...
Sun/Netscape Java Virtual Machine 1.x Bytecode Verifier Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6224/info A vulnerability in the Sun and Netscape Java Virtual Machine has been reported. The vulnerability is related to the bytecode verifier, a component of the Java compiler that ensures legal structure of Java...
phpGB 1.1/1.2 PHP Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...
BigACE 1.8.2 download.cmd.php GLOBALS Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute i...
BigACE 1.8.2 admin.cmd.php GLOBALS Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute i...
DoceboLMS 2.0.x Lang Parameter Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18110/info DoceboLMS is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include...
V-webmail 1.6.4 includes/pear/System.php CONFIG[pear_dir] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the application and t...
IBM WebSphere Application Server 6.1/7.0 Administrative Console Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34001/info IBM WebSphere Application Server (WAS) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...
V-webmail 1.6.4 includes/pear/File.php CONFIG[pear_dir] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the application and t...
Solaris 7.0 CDE dtmail/mailtool Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/832/info There are three buffer overflow vulnerabilities in the CDE mail utilities, all of which are installed sgid mail by default. The first is exploited through overrunning a buffer in the Content-Type: field, which wou...
ARISg 5.0 'wflogin.jsp' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38441/info ARISg is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/502/info The imapd login process is susceptible to a buffer overflow attack which will crash the service. Telnet to target machine, port 143 OK IMAP4 Server IMail 4.06 X LOGIN glob1 glob2 Where glob1 is 1200 characters an...
Jinzora 2.7.5 ajax_request.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
RobTex Viking Server 1.0.6 Build 355 Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1614/info A number of unchecked buffers exists in Robotex Viking Server. This enables a malicious user to either crash the application or execute arbitrary code, depending on the data supplied. / Robotex Viking Server...