Searching auto indexing software vulnerabilities

Auto_FTP.pl script in Auto_FTP 0.2 stores usern

configuration | auto_ftpconf | Auto_FTPpl | passwords | plaintext | usernames | Auto_FTP | script | stores | file |

Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file.


Auto_FTP.pl script in Auto_FTP 0.2 uses the /tm

/tmp/ftp_tmp | permissions | Auto_FTPpl | directory | Auto_FTP | insecure | allows | script | shared | local | users | which | uses |

Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred.


Auto-update feature of Macromedia Shockwave 7 t

information | Auto-update | Macromedia | transmits | Shockwave | password | feature | user's | back | hard | disk |

Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.


Norton AntiVirus 5.00.01C with the Novell Netwa

auto-protection | AntiVirus | properly | restart | service | Netware | 50001C | Norton | system | logged | client | Novell | first | after | does | user | not | off | has |

Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.


The ixsso.query ActiveX Object is marked as saf

determines | ixssoquery | operators | scripting | malicious | existence | visiting | remotely | Windows | ActiveX | script | marked | Object | allows | files | which | embed | safe | site | web |

The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.


Vulnerability in auto_parms and set_parms in HP

Vulnerability | auto_parms | set_parms | HP-UX |

Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.


GroupWise WebAccess 5.5 with directory indexing

lowercase | arbitrary | directory | GroupWise | WebAccess | attacker | contents | indexing | enabled | request | remote | allows | "get" | view | HTTP | via |

GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".


Pirch and RusPirch, when auto-log is enabled, a

attackers | auto-log | RusPirch | service | enabled | denial | allows | remote | Pirch | cause |

Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries.


The default configuration of Apache 2.0.40, as

configuration | default | Apache |

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).


Buffer overflow in the UdmDocToTextBuf function

UdmDocToTextBuf | mnoGoSearch | function | overflow | Buffer |

Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document.


The Indexing Service for Microsoft Windows XP a

Microsoft | Indexing | Windows | Service | Server |

The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.


Buffer overflow in the auto_filter_extern funct

auto_filter_extern | arbitrary | attackers | NapShare | gnutella | overflow | response | function | execute | crafted | enabled | Buffer | extern | filter | remote | allows | autoc | code | via |

Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.


FormMail.php 5.0, and possibly other versions,

FormMailphp | attackers | arbitrary | possibly | pathname | versions | ar_file | allows | remote | files | other | read | full | via |

FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.


PHP remote file inclusion vulnerability in user

vulnerability | user_checkphp | parameter | attackers | arbitrary | inclusion | sitepath | execute | allows | remote | Pavsta | code | file | Auto | Site | PHP | via |

PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter.


Unknown vulnerability in session.php in EQdkp b

vulnerability | sessionphp | Unknown | before | EQdkp |

Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.


Mail.app in Mail for Apple Mac OS X 10.3.9 and

Mailapp | Apple | Mail | Mac |

Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.


Advansysperu Software USB Lock Auto-Protect (AP

Auto-Protect | Advansysperu | Software | Lock | USB |

Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.


Argument injection vulnerability in Beagle befo

vulnerability | injection | Argument | before | Beagle |

Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing.


Software vulnerabilities results 1 to 20 of 38     
Page: 12