installation software vulnerabilities

Searching installation software vulnerabilities

The installation of Sun Source (sunsrc) tapes a

The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.

The installation of 1ArcServe Backup and Inocul

The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.

Vulnerability in restore0.9 installation script

Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges.

An installation of Red Hat uses DES password en

installation | encryption | password | uses | Red | Hat | DES |

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.

The installation of Tumbleweed Messaging Manage

The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password.

Buffer overflow in admintool in Solaris 2.6, 7,

Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.

The installation of Tarantella Enterprise 3 all

The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.

Unknown vulnerability in Mac OS X 10.3.4, relat

vulnerability | Unknown | Mac |

Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.

The install scripts in SugarCRM Sugar Sales 2.0

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.

The installation confirmation dialog in Firefox

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.

Directory traversal vulnerability in 04WebServe

vulnerability | 04WebServer | Directory | traversal |

Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder.

The default installation of Horde 3.0.4 contain

installation | default | Horde |

The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.

post.php in XMB 1.9.2 allows remote attackers t

postphp | XMB |

post.php in XMB 1.9.2 allows remote attackers to obtain the installation path via an invalid fid parameter in a newthread action.

DISPUTED dotProject 2.0.1 and earlier lea

dotProject | DISPUTED |

** DISPUTED ** dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php.

Software vulnerabilities results 1 to 20 of 231

Page: 12 3 4 5...12 ►

installation software vulnerabilities

vulnerabilities.aspcode.net