| OSVDB ID | Disclosure Date | Title |
|---|
|
33402
Description:
(Description Provided by CVE) : M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.
|
2007-01-07
|
M-Core db/uyelik.mdb Direct Request Database Disclosure
|
|
23740
Description:
m-phorum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'go' variable. This may allow an attacker to include a file either locally or from a remote host that may contain arbitrary commands which will be executed by the vulnerable script.
|
2006-03-07
|
m-phorum index.php go Parameter Remote File Inclusion
|
|
23951
Description:
m-phorum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'go' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-03-09
|
m-phorum index.php go Parameter XSS
|
|
23179
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
|
2006-02-14
|
M. Blom HTML::BBCode Multiple BBCode XSS
|
|
73689
Description:
m0n0wall contains a flaw related to the ez-ipupdate functionality that may allow an attacker to have an unspecified impact No further details have been provided.
|
2004-11-11
|
m0n0wall ez-ipupdate Unspecified Issue
|
|
12934
Description:
Unknown / Incomplete
|
2004-01-24
|
m0n0wall IPsec Startup Dynamic WAN IP Address Race Condition
|
|
12935
Description:
Unknown / Incomplete
|
2004-08-20
|
m0n0wall mini_httpd webGUI Server Malformed Connection DoS
|
|
73688
Description:
m0n0wall contains multiple unspecified flaws that allow remote cross-site scripting (XSS) attacks. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-01-01
|
m0n0wall Multiple Unspecified XSS
|
|
12933
Description:
Unknown / Incomplete
|
2003-10-02
|
m0n0wall status.cgi Unspecified Security Issue
|
|
73696
Description:
Unknown / Incomplete
|
2003-10-09
|
m0n0wall WebGUI Password Plaintext Local Disclosure
|
|
49250
Description:
(Description Provided by CVE) : SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
2008-10-20
|
M1 Intern Extension for TYPO3 Unspecified SQL Injection
|
|
55805
Description:
Unknown / Incomplete
|
2009-07-11
|
M3U/M3L To ASX/WPL Multiple Playlist File Handling Overflow
|
|
23572
Description:
By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system.
|
2006-02-28
|
M4 Project enigma-suite Windows Client Default Account
|
|
45582
Description:
Unknown / Incomplete
|
1999-03-24
|
M6 Cipher Mod n Cryptanalysis Weakness
|
|
29900
Description:
Maarch contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an unspecified error when accessing documents, which will disclose the content of certain documents resulting in a loss of confidentiality.
|
2006-10-20
|
Maarch Arbitrary Document Disclosure
|
|
55609
Description:
Unknown / Incomplete
|
2009-07-01
|
Maarch LetterBox Basket Deletion Right Weakness
|
|
55611
Description:
Unknown / Incomplete
|
2009-07-01
|
Maarch LetterBox Closed Folder Index Modification Weakness
|
|
55604
Description:
Unknown / Incomplete
|
2009-07-01
|
Maarch LetterBox Closed Folder Status Checking Weakness
|
|
55610
Description:
Unknown / Incomplete
|
2009-07-01
|
Maarch LetterBox CSV Export Unspecified Issue
|
|
55607
Description:
Unknown / Incomplete
|
2009-07-01
|
Maarch LetterBox Disabled User Mail Reassignment Weakness
|
|
55605
Description:
Unknown / Incomplete
|
2009-07-01
|
Maarch LetterBox Document Type Deletion Orphaned Mail DoS
|
|
55606
Description:
Unknown / Incomplete
|
2009-07-01
|
Maarch LetterBox ScanSnap Connector / Maarch Virtual Printer Indexing Rights Unspecified Bypass
|
|
55608
Description:
Unknown / Incomplete
|
2009-07-01
|
Maarch LetterBox Unspecified Search Result Privilege Document Disclosure
|
|
52551
Description:
Maarch contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'login' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-03-11
|
Maarch login.php login Parameter SQL Injection
|
|
3461
Description:
FTPServer/X contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker uses specially crafted username, and will result in loss of availability for the service.
|
2004-01-11
|
Mabry FTPServer/X Command Username Format String Flaw
|
|
3462
Description:
A remote overflow exists in FTPServer/X. The program fails to bounds check arguments to the mkdir command resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code on the server resulting in a loss of confidentiality, integrity, and/or availability.
|
2004-01-11
|
Mabry FTPServer/X mkdir Command Overflow
|
|
77530
Description:
FTPServer/X is prone to an overflow condition as it fails fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With e.g. a specially crafted "USER" or invalid FTP request, a remote attacker can cause a DoS and potentially execute code.
|
2003-06-24
|
Mabry Software FTPServer/X Boundary Error FTP Server Response Parsing Remote Overflow
|
|
7034
Description:
Mac OS 9 contains a flaw that may allow a malicious user to bypass idle user screen locking. The issue is triggered when the debugger is launched by either using the programmer's switch or cmd-pwr key combination, from which an attacker can kill the idle screen. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.
|
1999-10-31
|
Mac OS 9 Idle Lock Debugger Password Bypass
|
|
7033
Description:
Mac OS 9 contains a flaw that may allow a malicious user to bypass the idle user screen locking mechanism. The issue is triggered when the attacker selects "logout" from the password dialog, and a running application prompts for confirmation, which will allow the attacker to click cancel and return to the desktop. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.
|
1999-10-26
|
Mac OS 9 Idle Lock Password Bypass
|
|
1173
Description:
Open Transport in Mac OS 9 contains a flaw that may allow a remote denial of service. The issue is triggered when sending a malformed 29 byte long UDP packet, which will cause the machine to respond with an 1,500 byte long ICMP packet. It is possible for a remote attacker to use this behavior as an amplifier against other targets.
|
1999-12-29
|
Mac OS 9 Open Transport Malformed ICMP Datagram Response DoS
|
