m-phorum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'go' variable. This may allow an attacker to include a file either locally or from a remote host that may contain arbitrary commands which will be executed by the vulnerable script.
m-phorum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'go' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
M-Player contains a flaw that may allow for a denial of service. The issue is triggered when a user opens a malformed MP3 file, resulting in a loss of availability for the program. This can be exploited remotely by tricking a user into opening the crafted file (e.g., via email), or locally by placing it in a location that may seem safe (e.g., a network share).
m0n0wall contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
m0n0wall contains multiple unspecified flaws that allow remote cross-site scripting (XSS) attacks. These flaws exist because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system.
Maag Form Captcha Extension for TYPO3 contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.
Maarch contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an unspecified error when accessing documents, which will disclose the content of certain documents resulting in a loss of confidentiality.
Maarch contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'login' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
MAAS contains a flaw in maas-import-pxe-files that leads to unauthorized privileges being gained. The issue is due to the program insecurely loading configuration information from the current working directory. This may allow a local attacker to gain elevated privileges.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.