Page(s) : 1 ... 347 348 349 350 351 352 353 354 355 356 [357] 358 359 360 361 362 363 364 365 366 367 ... | Result(s) : 8837 |
Alerts
| | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
3.6 | 2006-09-13 | CVE-2006-4759 | cve | PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute co... |
3.6 | 2006-09-13 | CVE-2006-4745 | cve | ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authenticati... |
2.6 | 2006-09-13 | CVE-2006-4739 | cve | Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parame... |
2.6 | 2006-09-13 | CVE-2006-4726 | cve | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving... |
3.6 | 2006-09-12 | CVE-2006-4625 | cve | PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore fun... |
1.2 | 2006-09-11 | CVE-2006-4676 | cve | TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file. |
2.6 | 2006-09-11 | CVE-2006-4673 | cve | Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct ... |
2.6 | 2006-09-08 | CVE-2006-4661 | cve | AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote a... |
2.6 | 2006-09-08 | CVE-2006-4650 | cve | Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation... |
1.7 | 2006-09-08 | CVE-2006-4642 | cve | AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by readi... |
2.6 | 2006-09-07 | CVE-2006-4624 | cve | CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting... |
2.3 | 2006-09-06 | CVE-2006-4600 | cve | slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN). |
2.1 | 2006-09-05 | CVE-2006-4537 | cve | NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin... |
2.6 | 2006-09-01 | CVE-2006-4527 | cve | includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway... |
3.6 | 2006-08-31 | CVE-2006-4506 | cve | idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backs... |
2.1 | 2006-08-31 | CVE-2006-4493 | cve | xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with insecure file permissions, which allows local users to obtain sensitive information such as login credent... |
2.6 | 2006-08-31 | CVE-2006-4486 | cve | Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction. |
2.6 | 2006-08-31 | CVE-2006-4484 | cve | Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file... |
3.6 | 2006-08-29 | CVE-2006-4439 | cve | pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode f... |
2.1 | 2006-08-28 | CVE-2006-4380 | cve | MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. |