aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6642 items

CVE-2008-2966: Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbit

infovulnerability
security
Jul 2, 2008
CVE-2008-2966

A directory traversal vulnerability (a flaw allowing attackers to access files outside their intended directory by using special path sequences like '..' to navigate backwards) exists in JaxUltraBB 2.0 and earlier. An attacker can exploit this through the viewprofile.php file by manipulating the user parameter to read arbitrary local files on the affected system.

NVD/CVE Database

CVE-2007-6481: Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 a

infovulnerability
security
Dec 20, 2007
CVE-2007-6481

A vulnerability in the Device Manager daemon (utdevmgrd, a background service that manages devices) in Sun Ray Server Software versions 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories without authorization. The exact method of exploitation is not detailed in the source.

CVE-2007-6482: Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 a

infovulnerability
security
Dec 20, 2007
CVE-2007-6482

A vulnerability in the Device Manager daemon (utdevmgrd, a background service that manages devices) in Sun Ray Server Software versions 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to crash the daemon through unspecified means, causing a denial of service (making the service unavailable). The specific attack method and affected software details are not clearly documented in this record.

CVE-2007-0482: cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by

infovulnerability
security
Jan 25, 2007
CVE-2007-0482

A vulnerability in Sun Ray Server Software versions 2.0 and 3.0 (before January 23, 2007) allowed local users (people with access to the same system) to steal the utadmin password by reading web server log files or through other unspecified local attacks. This is a serious issue because the utadmin password likely controls important administrative functions on the server.

CVE-2007-0335: Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute

infovulnerability
security
Jan 18, 2007
CVE-2007-0335EPSS: 13.0%

CVE-2006-5511: Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, all

infovulnerability
security
Oct 25, 2006
CVE-2006-5511

JaxUltraBB (JUBB) 2.0 has a direct static code injection vulnerability (a weakness that lets attackers insert malicious code) in its delete.php file when register_globals is enabled (a PHP setting that automatically creates variables from user input). Remote attackers can inject arbitrary web script, HTML, or PHP code through the contents parameter, which gets added to a file specified by the forum parameter.

CVE-2006-4049: Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwr

infovulnerability
security
Aug 9, 2006
CVE-2006-4049

CVE-2006-4049 is a vulnerability in the utxconfig utility (a configuration tool) in Sun Ray Server Software version 3.x that allows local users (people with access to the system) to create or overwrite arbitrary files through unknown methods. The exact details of how the attack works are not specified in the available information.

CVE-2006-2670: Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script

infovulnerability
security
May 30, 2006
CVE-2006-2670

ChatPat version 1.0 contains multiple cross-site scripting (XSS, where attackers inject malicious scripts into web pages) vulnerabilities in two PHP files that allow attackers to inject harmful code through chat messages. The vulnerability affects the fastchat.php and fastshow.php files in the application.

CVE-2006-1913: Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attacke

infovulnerability
security
Apr 20, 2006
CVE-2006-1913

A cross-site scripting vulnerability (XSS, a type of attack where an attacker injects malicious code into a webpage that runs in other users' browsers) exists in Jax Guestbook versions 3.1, 3.31, and 3.50 in the jax_guestbook.php file. Remote attackers can exploit this by injecting arbitrary web script or HTML through the page parameter. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a security flaw is).

CVE-2006-1400: Cross-site scripting (XSS) vulnerability in MyTasks/PersonalTaskEdit.asp in Metisware Instructor 1.3 and earlier allows

infovulnerability
security
Mar 28, 2006
CVE-2006-1400

CVE-2006-1400 is a cross-site scripting (XSS) vulnerability in a web page called MyTasks/PersonalTaskEdit.asp in Metisware Instructor version 1.3 and earlier. XSS is a security flaw where attackers inject malicious code into a website that then runs in other users' browsers. In this case, attackers can inject harmful scripts through the Task parameter to compromise users.

CVE-2006-1239: Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbit

infovulnerability
security
Mar 15, 2006
CVE-2006-1239

CVE-2006-1239 is a cross-site scripting (XSS, a type of attack where an attacker injects malicious code into a webpage that runs in other users' browsers) vulnerability in Gemini 2.0's issue creation page that allows attackers to inject arbitrary web script or HTML through the rtcDescription$RadEditor1 input field. The vulnerability has an unknown CVSS severity score as of the record date. The source note indicates that details come from third-party information rather than official vendor confirmation.

CVE-2005-4008: SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL co

infovulnerability
security
Dec 5, 2005
CVE-2005-4008

Jax Calendar version 1.34 contains a SQL injection vulnerability (a type of attack where an attacker inserts malicious SQL code into input fields) in the jax_calendar.php file. The vulnerability allows remote attackers to execute arbitrary SQL commands through the cal_id parameter and possibly the Y and m parameters.

CVE-2005-4001: Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execut

infovulnerability
security
Dec 5, 2005
CVE-2005-4001

CVE-2005-4001 is a SQL injection vulnerability (a type of attack where an attacker inserts malicious database commands into user input fields) in phpYellow Pro Edition and Lite Edition version 5.33. The vulnerability allows remote attackers to execute arbitrary SQL commands through two different input parameters: the haystack parameter in search_result.php or the ckey parameter in print_me.php.

CVE-2005-3105: The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache cohere

infovulnerability
security
Sep 30, 2005
CVE-2005-3105

A bug in Linux 2.6's mprotect code (the system that controls memory access permissions) on Itanium IA64 Montecito processors fails to keep cache memory synchronized with main memory as the processor design requires. This allows local users (people with access to the same computer) to crash the system and potentially corrupt data by changing memory protection settings.

CVE-2005-1422: Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a deni

infovulnerability
security
May 3, 2005
CVE-2005-1422

Raysoft/Raybase Video Cam Server version 1.0.0 beta has a vulnerability where remote attackers (people accessing the system from outside) can perform administrator operations and shut down the server or camera by sending a direct request to admin.html. This is a serious flaw because it lets unauthorized users take control of the system without proper authentication (verification of identity).

CVE-2005-1420: Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a r

infovulnerability
security
May 3, 2005
CVE-2005-1420

Raysoft/Raybase Video Cam Server version 1.0.0 beta has a vulnerability where remote attackers (people accessing the server from outside) can discover the full pathname (the complete file location) of the server by requesting an invalid page, such as by using a hex-encoded space character. This information leakage could help attackers understand the server's structure and plan further attacks.

CVE-2005-1421: Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitra

infovulnerability
security
May 3, 2005
CVE-2005-1421

A directory traversal vulnerability (a security flaw where an attacker uses special path sequences to access files outside their allowed area) was found in Raysoft/Raybase Video Cam Server version 1.0.0 beta. Remote attackers could exploit this by sending HTTP requests containing ".." (dot dot) sequences to read arbitrary files on the affected system.

CVE-2004-0701: Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when th

infovulnerability
security
Jul 27, 2004
CVE-2004-0701

Sun Ray Server Software (SRSS) versions 1.3 and 2.0 on certain Solaris systems have a bug where quickly removing, reinserting, and removing a smartcard again can prevent the system from detecting that the card is gone. This leaves a user's session logged in, potentially allowing someone else to access the account without permission.

CVE-2002-2036: Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as a

infovulnerability
security
Dec 31, 2002
CVE-2002-2036

Sun Ray Server Software (SRSS) version 1.3 has a vulnerability that allows remote attackers to log in as another user when Non-Smartcard Mobility (NSCM, a feature that lets users connect from different systems) is enabled, by running dtlogin (a login program) from a system that supports XDMCP (a protocol for remote display connections). This is a serious authentication bypass vulnerability that could let attackers impersonate legitimate users.

CVE-2000-1193: Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial

infovulnerability
security
Aug 31, 2001
CVE-2000-1193

CVE-2000-1193 is a vulnerability in Performance Copilot's PMCD (Performance Metrics Collector Daemon, a service that monitors system performance metrics) on IRIX 6.x systems that allows remote attackers to cause a denial of service (resource exhaustion, where a system runs out of memory or processing power) by sending an extremely long string to the PMCD port. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious the vulnerability is).

Previous332 / 333Next
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Jax Petition Book version 1.0.3.06 contains directory traversal vulnerabilities (a security flaw where attackers use .. sequences to access files outside the intended folder) in two PHP files. Remote attackers can exploit this by adding .. characters to the languagepack parameter, allowing them to view and run arbitrary local files on the server.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database