435 matches found
Brainworks Software XpanceNET /index.php/request_passwordChange SQL Injection Vulnerability
Brainworks Software XpanceNET is a WEB-based application. Brainworks Software XpanceNET /index.php/requestpasswordChange handles a SQL injection vulnerability in the UserID parameter, which allows remote attackers to exploit the vulnerability by submitting a specially crafted SQL query to...
CVE-2015-2082
Cross-site scripting XSS vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter...
DEBIAN-CVE-2014-0012
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402...
PYSEC-2014-82
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402...
PT-2011-1253 · Ibm · Ibm Rational Asset Manager
Name of the Vulnerable Software and Affected Versions: IBM Rational Asset Manager versions 7.5 Description: The issue is related to insufficient access control in the processing of the UID parameter, allowing a remote attacker to bypass security restrictions. This could enable an attacker to modi...
DEBIAN-CVE-2006-3082
parse-packet.c in GnuPG gpg 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service gpg crash and possibly overwrite memory via a message packet with a large length long user ID string, which could lead to an integer overflow, as demonstrated using the...
PT-2005-4658 · Ovbb · Ovbb
Name of the Vulnerable Software and Affected Versions: OvBB version 0.08a Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the threadid parameter to "thread.php" and the userid parameter to "profile.php". The vendor has disputed these...
DEBIAN-CVE-2005-3256
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...
Oracle buffer overflow
Command line buffer overflow allows to obtain oracle uid...
Несанкционированный доступ в PHProject (unauthorized access)
Изменив идентификатор пользователя можно получить доступ к данным другого пользователя...
CVE-1999-0169
NFS allows attackers to read and write any file on the system by specifying a false UID...
CVE-1999-0084
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0...
CVE-1999-0084
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0...
CVE-1999-0556
Two or more Unix accounts have the same UID...
DUO-PSA-2017-003: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2017-003 Publication Date: 2018-02-27 Revision Date: 2018-02-27 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Security has identified a security flaw in a third-party library used in the Duo Network Gateway DNG which, under certain...