acl software vulnerabilities
vulnerabilities.aspcode.net
Searching acl software vulnerabilities
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.
DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks.
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information.
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass certain intended ACL protections.
Integer signedness error in the acl (facl) system call in Solaris 10 before Monday, May 07, 2007 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.
Software vulnerabilities results 1 to 20 of 31