Searching location software vulnerabilities

The DCC server command in the Mirc 5.5 client d

characters | different | malicious | attackers | commands | allowing | properly | location | possibly | attacker | doesn't | command | execute | client | server | remote | filter | names | place | Mirc | file | DCC |

The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands.


Microsoft FrontPage stores form results in a de

/_private/form_resultstxt | world-readable | information | accessible | attackers | FrontPage | Microsoft | sensitive | submitted | possibly | document | location | results | default | remote | stores | allows | users | which | other | root | read | form |

Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.


Buffer overflow in the RealNetworks RealPlayer

RealNetworks | RealPlayer | attackers | versions | overflow | Location | service | denial | client | Buffer | allows | remote | cause | long | URL | via |

Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.


Internet Software Solutions Air Messenger LAN S

Solutions | Messenger | Internet | Software | Server | LAN | Air |

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header.


Bugzilla before 2.14 includes the username and

Bugzilla | before |

Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.


Opera 6.01, 6.0, and 5.12 allows remote attacke

Opera |

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.


Nokia Electronic Documentation (NED) 5.0 allows

Documentation | Electronic | Nokia |

Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).


Nokia Electronic Documentation (NED) 5.0 allows

Documentation | Electronic | Nokia |

Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.


CRLF injection vulnerability in Aprelium Abyss

vulnerability | injection | Aprelium | Server | Abyss | CRLF | Web |

CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.


Buffer overflow in the HTTP parser for MPlayer

overflow | MPlayer | earlier | 10pre3 | Buffer | parser | HTTP |

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.


Stack-based buffer overflow in pavuk 0.9pl28, 0

Stack-based | arbitrary | versions | possibly | overflow | Location | execute | header | remote | allows | 09pl27 | 09pl28 | buffer | pavuk | other | sites | HTTP | long | code | web | via |

Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.


The WebBrowser ActiveX control, or the Internet

WebBrowser | rendering | Explorer | Internet | ActiveX | control | engine | HTML |

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.


The mod_dav module in Apache 2.0.50 and earlier

mod_dav | Apache | module |

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.


The mod_ssl module in Apache 2.0.35 through 2.0

mod_ssl | Apache | module |

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.


BadBlue 2.4 allows remote attackers to obtain t

installation | phptestphp | attackers | resulting | location | includes | pathname | request | BadBlue | remote | allows | obtain | source | server | which | HTML | path | via |

BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.


Format string vulnerability in ProZilla 1.3.7.3

vulnerability | ProZilla | Format | string |

Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header.


Microsoft Internet Explorer 5.01 and 6 allows c

Microsoft | Explorer | Internet |

Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."


Microsoft Internet Explorer 6 allows remote att

attackers | Microsoft | Explorer | Internet | service | denial | allows | remote | cause |

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | Multiple | Advanced | Transfer | Manager | remote | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681.


Mozilla Firefox might allow remote attackers to

attackers | phishing | spoofing | conduct | writing | attacks | Firefox | Mozilla | remote | might | allow |

Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.


Software vulnerabilities results 1 to 20 of 119     
Page: 123456