| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 33402 | 2007-01-07 | M-Core db/uyelik.mdb Direct Request Database Disclosure | (Description Provided by CVE): M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb. |
| 85144 | 2012-08-21 | M-Link XMPP Server Dialback Response Spoofing Weakness | M-Link contains a flaw related to the verification of XMPP server dialback response requests. This may allow a remote attacker to spoof domains that were not asserted. |
| 23740 | 2006-03-07 | m-phorum index.php go Parameter Remote File Inclusion | m-phorum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'go' variable. This may allow an attacker to include a file either locally or from a remote host that may contain arbitrary commands which will be executed by the vulnerable script. |
| 23951 | 2006-03-09 | m-phorum index.php go Parameter XSS | m-phorum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'go' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 82586 | 2012-01-08 | M-Player Malformed MP3 File Handling DoS | M-Player contains a flaw that may allow for a denial of service. The issue is triggered when a user opens a malformed MP3 file, resulting in a loss of availability for the program. This can be exploited remotely by tricking a user into opening the crafted file (e.g., via email), or locally by placing it in a location that may seem safe (e.g., a network share). |
| 23179 | 2006-02-14 | M. Blom HTML::BBCode Multiple BBCode XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag. |
| 88289 | 2012-11-12 | m0n0wall Arbitrary Command Execution CSRF | m0n0wall contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 73689 | 2004-11-11 | m0n0wall ez-ipupdate Unspecified Issue | m0n0wall contains a flaw related to the ez-ipupdate functionality that may allow an attacker to have an unspecified impact. No further details have been provided. |
| 12934 | 2004-01-24 | m0n0wall IPsec Startup Dynamic WAN IP Address Race Condition | Unknown / Incomplete |
| 12935 | 2004-08-20 | m0n0wall mini_httpd webGUI Server Malformed Connection DoS | Unknown / Incomplete |
| 73688 | 2011-01-01 | m0n0wall Multiple Unspecified XSS | m0n0wall contains multiple unspecified flaws that allow remote cross-site scripting (XSS) attacks. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 12933 | 2003-10-02 | m0n0wall status.cgi Unspecified Security Issue | Unknown / Incomplete |
| 73696 | 2003-10-09 | m0n0wall WebGUI Password Plaintext Local Disclosure | Unknown / Incomplete |
| 49250 | 2008-10-20 | M1 Intern Extension for TYPO3 Unspecified SQL Injection | (Description Provided by CVE): SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 55805 | 2009-07-11 | M3U/M3L To ASX/WPL Multiple Playlist File Handling Overflow | Unknown / Incomplete |
| 23572 | 2006-02-28 | M4 Project enigma-suite Windows Client Default Account | By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system. |
| 45582 | 1999-03-24 | M6 Cipher Mod n Cryptanalysis Weakness | Unknown / Incomplete |
| 29900 | 2006-10-20 | Maarch Arbitrary Document Disclosure | Maarch contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an unspecified error when accessing documents, which will disclose the content of certain documents resulting in a loss of confidentiality. |
| 55609 | 2009-07-01 | Maarch LetterBox Basket Deletion Right Weakness | Unknown / Incomplete |
| 55611 | 2009-07-01 | Maarch LetterBox Closed Folder Index Modification Weakness | Unknown / Incomplete |
| 55604 | 2009-07-01 | Maarch LetterBox Closed Folder Status Checking Weakness | Unknown / Incomplete |
| 55610 | 2009-07-01 | Maarch LetterBox CSV Export Unspecified Issue | Unknown / Incomplete |
| 55607 | 2009-07-01 | Maarch LetterBox Disabled User Mail Reassignment Weakness | Unknown / Incomplete |
| 55605 | 2009-07-01 | Maarch LetterBox Document Type Deletion Orphaned Mail DoS | Unknown / Incomplete |
| 55606 | 2009-07-01 | Maarch LetterBox ScanSnap Connector / Maarch Virtual Printer Indexing Rights Unspecified Bypass | Unknown / Incomplete |
| 55608 | 2009-07-01 | Maarch LetterBox Unspecified Search Result Privilege Document Disclosure | Unknown / Incomplete |
| 52551 | 2009-03-11 | Maarch login.php login Parameter SQL Injection | Maarch contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'login' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 3461 | 2004-01-11 | Mabry FTPServer/X Command Username Format String Flaw | FTPServer/X contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker uses a specially crafted username, and will result in loss of availability for the service. |
| 3462 | 2004-01-11 | Mabry FTPServer/X mkdir Command Overflow | A remote overflow exists in FTPServer/X. The program fails to bounds check arguments to the mkdir command resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code on the server resulting in a loss of confidentiality, integrity, and/or availability. |
| 77530 | 2003-06-24 | Mabry Software FTPServer/X Boundary Error FTP Server Response Parsing Remote Overflow | FTPServer/X is prone to an overflow condition as it fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With e.g. a specially crafted "USER" or invalid FTP request, a remote attacker can cause a DoS and potentially execute code. |