accessible software vulnerabilities
vulnerabilities.aspcode.net
Searching accessible software vulnerabilities
Microsoft FrontPage stores form results in a de
/_private/form_resultstxt
|
world-readable
|
information
|
accessible
|
attackers
|
FrontPage
|
Microsoft
|
sensitive
|
submitted
|
possibly
|
document
|
location
|
results
|
default
|
remote
|
stores
|
allows
|
users
|
which
|
other
|
root
|
read
|
form
|
Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.
Management information base (MIB) for a 3Com Su
information
|
Management
|
base
|
Management information base (MIB) for a 3Com SuperStack II hub running software version 2.10 contains an object identifier (.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community string, but lists the entire table of community strings, which could allow attackers to conduct unauthorized activities.
The installation of AdCycle banner management s
web-accessible
|
installation
|
management
|
directory
|
databases
|
passwords
|
attackers
|
buildcgi
|
execute
|
AdCycle
|
program
|
banner
|
delete
|
system
|
allows
|
leaves
|
remote
|
which
|
view
|
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
Find-By-Content in Mac OS X 10.0 through 10.0.4
Find-By-Content
|
Mac
|
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
PHP, when not configured with the "display_erro
"display_errors
|
configured
|
accessible
|
directive
|
attackers
|
physical
|
modifies
|
directly
|
trailing
|
produces
|
contains
|
request
|
setting
|
program
|
message
|
include
|
allows
|
remote
|
obtain
|
causes
|
phpini
|
error
|
which
|
slash
|
fail
|
path
|
Off"
|
base
|
file
|
PHP
|
not
|
via
|
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
Directory traversal vulnerability in the web se
vulnerability
|
RealPlayer
|
traversal
|
Directory
|
server
|
used
|
web
|
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
The Web Reports Server for SurfControl SuperSco
web-accessible
|
"scwebusers"
|
SurfControl
|
SuperScout
|
usernames
|
passwords
|
directory
|
attackers
|
WebFilter
|
password
|
username
|
Reports
|
remote
|
Server
|
obtain
|
stores
|
allows
|
crack
|
valid
|
which
|
file
|
Web
|
The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords.
CGIscript.net csMailto.cgi program exports feed
CGIscriptnet
|
information
|
csMailtocgi
|
accessible
|
accessing
|
sensitive
|
attackers
|
document
|
feedback
|
directly
|
exports
|
program
|
remote
|
obtain
|
which
|
could
|
allow
|
file
|
root
|
web
|
CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.
Macromedia Flash Player before 7,0,19,0 stores
Macromedia
|
Player
|
before
|
Flash
|
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
Oracle Database Server 8.1.7.4 through 9.2.0.4
Database
|
Server
|
Oracle
|
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
Raw character devices (raw.c) in the Linux kern
character
|
devices
|
Raw
|
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2
Bugzilla
|
through
|
218rc1
|
Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set.
Unrestricted file upload vulnerability in PHPFM
vulnerability
|
Unrestricted
|
before
|
upload
|
PHPFM
|
file
|
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."
Pantomime in Ecartis 1.0.0 snapshot 20050909 st
Pantomime
|
Ecartis
|
Pantomime in Ecartis 1.0.0 snapshot Friday, September 09, 2005 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files.
Unspecified vulnerability in the loaders (load_
vulnerability
|
Unspecified
|
loaders
|
Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver".
SQL injection vulnerability in whineatnews.pl i
vulnerability
|
whineatnewspl
|
injection
|
Bugzilla
|
SQL
|
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
export.php in The Address Book 1.04e writes use
information
|
accessible
|
attackers
|
exportphp
|
sensitive
|
publicly
|
password
|
database
|
contents
|
username
|
Address
|
dumping
|
allows
|
writes
|
obtain
|
remote
|
which
|
MySQL
|
104e
|
Book
|
hash
|
file
|
into
|
export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information.
FON La Fonera routers do not properly limit DNS
unauthenticated
|
authentication
|
accessible
|
attackers
|
requests
|
properly
|
clients
|
service
|
traffic
|
routers
|
remote
|
tunnel
|
allows
|
before
|
Fonera
|
should
|
access
|
hosts
|
limit
|
which
|
FON
|
not
|
via
|
DNS
|
FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.
IBM Lotus Domino R5 and R6 WebMail, with "Gener
Readviewentries
|
CVE-2005-2428
|
OpenDocument
|
HTTPPassword
|
defaultview
|
accessible
|
different
|
"Generate
|
namesnsf
|
requests
|
fields"
|
through
|
WebMail
|
enabled
|
vector
|
stores
|
Domino
|
manner
|
hashes
|
Lotus
|
than
|
HTML
|
view
|
IBM
|
all
|
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.
Software vulnerabilities results 1 to 20 of 40
Page:
1
2
3
►