mapping software vulnerabilities
vulnerabilities.aspcode.net
Searching mapping software vulnerabilities
The Windows NT scheduler uses the drive mapping
interactive
|
privileges
|
currently
|
providing
|
scheduler
|
original
|
mapping
|
Windows
|
system
|
Trojan
|
logged
|
allows
|
place
|
batch
|
horse
|
which
|
drive
|
local
|
file
|
uses
|
gain
|
onto
|
user
|
The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
The Javascript "Same Origin Policy" (SOP), as i
Javascript
|
Policy"
|
Origin
|
"Same
|
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
Videsh Sanchar Nigam Limited (VSNL) Integrated
Limited
|
Sanchar
|
Videsh
|
Nigam
|
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
CVS 1.12 and earlier on Debian GNU/Linux does n
CVS
|
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
Sysinternals PsTools before 2.05, including (1)
Sysinternals
|
PsTools
|
before
|
Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping.
Prevx Pro 2005 1.0 allows local users to bypass
Prevx
|
Pro
|
Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file.
Race condition in Linux 2.6, when threads are s
condition
|
CLONE_VM
|
sharing
|
mapping
|
threads
|
memory
|
Linux
|
Race
|
via
|
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
Buffer overflow in an unspecified Oracle Client
unspecified
|
attackers
|
arbitrary
|
overflow
|
service
|
execute
|
utility
|
Oracle
|
Buffer
|
Client
|
denial
|
remote
|
cause
|
might
|
allow
|
code
|
Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DBC02 from the January 2006 CPU, in which case this would be a duplicate of CVE-2006-0283. However, there are enough inconsistencies that the mapping can not be made authoritatively.
Teredo clients, when located behind a restricte
traditional
|
restricted
|
connection
|
attackers
|
establish
|
guessing
|
required
|
clients
|
without
|
mapping
|
inbound
|
located
|
client
|
Teredo
|
behind
|
remote
|
allow
|
find
|
port
|
NAT
|
Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure.
Format string vulnerability in the afsacl.so VF
vulnerability
|
afsaclso
|
module
|
Format
|
string
|
Samba
|
VFS
|
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
The VNC server implementation in QEMU, as used
implementation
|
demonstrated
|
environments
|
unspecified
|
arbitrary
|
operating
|
possibly
|
monitor
|
mapping
|
vectors
|
related
|
device
|
system
|
allows
|
server
|
other
|
users
|
CDROM
|
guest
|
files
|
local
|
mode
|
QEMU
|
read
|
host
|
used
|
VNC
|
via
|
Xen
|
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
The LLTD Mapper in Microsoft Windows Vista does
responses
|
attackers
|
Microsoft
|
properly
|
packets
|
service
|
Windows
|
remote
|
allows
|
Mapper
|
denial
|
gather
|
Vista
|
cause
|
which
|
LLTD
|
does
|
EMIT
|
not
|
The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.
CA Anti-Virus for the Enterprise r8 and Threat
Enterprise
|
Anti-Virus
|
Manager
|
before
|
Threat
|
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before Thursday, May 10, 2007 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
libvorbis 1.1.2, and possibly other versions be
libvorbis
|
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
Multiple stack-based buffer overflows in the Ea
stack-based
|
overflows
|
Resource
|
Multiple
|
NCSView
|
control
|
ActiveX
|
Mapping
|
buffer
|
before
|
Earth
|
Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
Software vulnerabilities results 1 to 16 of 16
Page:
1