Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.php in FarsiNews 3.0 BETA 1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the language parameter in the...
** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web...
Multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp (TunePimp) 0.4.2 allow remote user-assisted attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release...
SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op. Date published : 2006-07-14 http://www.securityfocus.com/archive/1/438817/100/100/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27501
SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op. Date published : 2006-07-14 http://www.securityfocus.com/bid/27879 http://www.securityfocus.com/archive/1/438596/100/200/threaded
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main...
The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial...
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka...
Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. Date published : 2006-07-14 http://www.securityfocus.com/bid/18952 http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml
The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command’s output to a file or folder, aka bug CSCse31704. Date...
Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka...
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer...
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B,...
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 – None", which is accepted even if it...