8 matches found
SUSE CVE-2018-14056
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories...
DEBIAN-CVE-2018-14056
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories...
aspWebLinks 2.0 - Remote SQL Injection / Admin Pass Change Exploit
No description provided by source. !-- Title : aspWebLinks 2.0 Remote Admin Pass Change Exploit and links.asp SQL Injection Author : ajann Dork : aspWebLinks 2.0 SQL INJECTION:...
CVE-2007-5464
Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allows remote authenticated users to cause a denial of service client crash and possibly execute arbitrary code via a long skin name...
Stack overflow
Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allows remote authenticated users to cause a denial of service client crash and possibly execute arbitrary code via a long skin name...
CVE-2007-5464
Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allows remote authenticated users to cause a denial of service client crash and possibly execute arbitrary code via a long skin name...
Directory traversal
Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the skinname parameter to template.php in 1 skin/dark/, 2 skin/gold/, or 3 skin/original/, a different vector than CVE-2007-2900. NOTE: the...
CVE-2006-1147
The Comsprintf function in qshared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers possibly authenticated to cause a denial of service application crash via a long skin, weapon, or model name...