disclosure software vulnerabilities
vulnerabilities.aspcode.net
Searching disclosure software vulnerabilities
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double free and negative reference index array underflow" results.
Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor.
print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS).
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: a later disclosure reported the affected version as 1.0.
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. NOTE: the original disclosure suggests that command injection is not feasible because the injection occurs after an "ORDER BY" clause, but it is likely that this bug could result in an error message path disclosure due to a syntax error, in some environments. Therefore this is an exposure and should be included in CVE.
dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.
SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure analysis of CVE-2006-0110; the details are obtained solely from third party information.
MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax.
Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors.
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.
Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of Thursday, November 16, 2006, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes.
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message.
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.
PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous.
Software vulnerabilities results 1 to 20 of 113