| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 5716 | 2004-04-23 | Zonet ZSR1104WE Wireless Router Improper NAT | Zonet ZSR1104WE wireless router contains a flaw that may allow a remote attacker to bypass security settings. The problem is that the NAT implementation modifies the source address of inbound connections so that the origin address of forwarded traffic is that of the router, which may prevent identification of remote attackers, resulting in a loss of integrity. |
| 27775 | 2006-08-03 | ZoneX Publishers Gold Edition usercp_register.php phpbb_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 16864 | 2005-05-27 | ZonGG login.asp password Field SQL Injection | ZonGG contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'password' field in the 'login.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. |
| 37302 | 2007-05-04 | zoo Decoder unzoo.c Malformed Zoo Archive Handling DoS | (Description Provided by CVE): zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| 23460 | 2006-02-22 | Zoo fullpath() File Name Handling Overflow | (Description Provided by CVE): Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected. |
| 23934 | 2006-02-28 | Zoo parse.c parse() Function File Name Handling Overflow | (Description Provided by CVE): Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although it is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive. |
| 77648 | 2011-11-30 | ZooEffect Plugin for WordPress 1pluginjquery /wp-1pluginjquery.php page Parameter XSS | 1pluginjquery contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'page' parameter upon submission to the wp-content/plugins/1-jquery-photo-gallery-slideshow-flash/wp-1pluginjquery.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 61464 | 2009-09-04 | zoom Component for Mambo index.php catid Parameter SQL Injection | zoom Component for Mambo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'catid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 39872 | 2007-12-24 | Zoom Player Crafted ZPL File Error Message Arbitrary Code Execution | (Description Provided by CVE): Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message. |
| 89099 | 2012-12-30 | Zoom Player JPG File Handling Arbitrary Code Execution | Zoom Player contains a flaw that is triggered when an error occurs during the handling of specially crafted JPG files. This may allow a context-dependent attacker to execute arbitrary code. |
| 67333 | 2010-08-24 | Zoom Portfolio Component for Joomla! index.php id Parameter SQL Injection | Zoom Portfolio Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 2669 | 2003-10-15 | Zoom Search Engine search.php zoom_query Parameter XSS | Zoom Search Engine contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate input variables upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 83709 | 2011-04-22 | Zoombak A-GPS Locator SMS Communications Remote Location Information Disclosure | Zoombak Assisted-GPS (A-GPS) Locator devices contain a flaw that allows a remote attacker to retrieve sensitive information. By sending crafted SMS messages to the device, the device can be instructed to send precise GPS location data to an arbitrary server. This attack requires knowledge of the cellular phone number associated with the device and the basic protocol information used for communication. Due to a lack of authentication, a variety of commands can be sent to the device, revealing information or spoofing data sent by the device. |
| 20899 | 2005-11-04 | Zoomblog IMG BBCode Tag Arbitrary Script Injection | Unknown / Incomplete |
| 59671 | 2009-11-04 | Zoomify Module for Drupal Node Title Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title. |
| 37207 | 2007-06-11 | Zoomify Viewer ActiveX ZActiveX.dll Multiple Unspecified Overflows | (Description Provided by CVE): Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors. |
| 31431 | 2006-09-24 | ZoomStats libs/dbmax/mysql.php GLOBALS[lib][db][path] Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[lib][db][path] parameter. |
| 58282 | 2003-06-19 | Zope /Examples/db/ExampledbBrowseReport Description Field XSS | Unknown / Incomplete |
| 58281 | 2003-06-19 | Zope /Examples/FileLibrary/addFile Empty Upload Error Message Path Disclosure | Unknown / Incomplete |
| 58284 | 2003-06-19 | Zope /Examples/ShoppingCart/addItems Information Disclosure | Unknown / Incomplete |
| 58283 | 2003-06-19 | Zope /Examples/ShoppingCart/addItems Quantity Field XSS | Unknown / Incomplete |
| 10325 | 2004-01-08 | Zope Admin find Function Improper Security Assertion | Unknown / Incomplete |
| 6286 | 2001-02-23 | Zope Class Return Value Modification | Digital Creations Zope contains a flaw that may allow a malicious user to alter the method return values for affected classes. The issue is triggered because of a vulnerability in the handling of the method return values for the ObjectManager, PropertyManager, and PropertySheet classes. It is possible that the flaw may allow data manipulation in the classes, resulting in a loss of integrity. |
| 347 | 2000-06-15 | Zope DocumentTemplate Unauthorized DTML Entity Modification | (Description Provided by CVE): The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization. |
| 28891 | 2006-08-21 | Zope Docutils Module csv_table restructuredText Directive Information Disclosure | (Description Provided by CVE): The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. |
| 27125 | 2006-07-05 | Zope docutils reStructuredText raw Directive Unspecified Information Disclosure | (Description Provided by CVE): Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. |
| 468 | 2000-01-04 | Zope DTML Implementation Remote Restriction Bypass | (Description Provided by CVE): The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities. |
| 10320 | 2004-01-08 | Zope DTML Tag dtml-tree eval DoS | Unknown / Incomplete |
| 1973 | 2001-10-01 | Zope dtml-var fmt Attribute Tag Security Bypass | (Description Provided by CVE): Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. |
| 10323 | 2004-01-08 | Zope DTMLDocument Objects Improper Security Assertion | Unknown / Incomplete |