filter software vulnerabilities
vulnerabilities.aspcode.net
Searching filter software vulnerabilities
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program.
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments.
Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash).
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.
The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification.
Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.
Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which allows remote attackers to bypass custom filter rules and send file attachments of arbitrary file types via a message with a subject of "Antigen forwarded attachment".
The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands.
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.
libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors.
Software vulnerabilities results 1 to 20 of 122