marked software vulnerabilities
vulnerabilities.aspcode.net
Searching marked software vulnerabilities
SystemSoft SystemWizard package in HP Pavilion
SystemWizard
|
references
|
SystemSoft
|
operating
|
scripting
|
arbitrary
|
malicious
|
platforms
|
attackers
|
controls
|
commands
|
Pavilion
|
possibly
|
installs
|
execute
|
Windows
|
package
|
ActiveX
|
systems
|
remote
|
marked
|
allows
|
other
|
which
|
page
|
safe
|
web
|
via
|
two
|
SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control.
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2
Kodak/Wang
|
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.
The ixsso.query ActiveX Object is marked as saf
determines
|
ixssoquery
|
operators
|
scripting
|
malicious
|
existence
|
visiting
|
remotely
|
Windows
|
ActiveX
|
script
|
marked
|
Object
|
allows
|
files
|
which
|
embed
|
safe
|
site
|
web
|
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
Cisco IOS 11.x and 12.0 through 12.2 allows rem
Cisco
|
11x
|
IOS
|
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
The WrapNISUM ActiveX component (WrapUM.dll) in
component
|
WrapNISUM
|
ActiveX
|
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2
show_bugcgi
|
Bugzilla
|
show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information.
Clearswift MIMEsweeper 5.0.5, when it has been
MIMEsweeper
|
Clearswift
|
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".
The Microsoft Log Sink Class ActiveX control in
pkmcoredll
|
scripting"
|
Microsoft
|
attackers
|
arbitrary
|
Internet
|
Explorer
|
control
|
ActiveX
|
allows
|
append
|
create
|
remote
|
marked
|
"safe
|
files
|
which
|
Class
|
Sink
|
Log
|
The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files.
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, an
Bugzilla
|
217x
|
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
WebArchiveX.dll 5.5.0.76 installed before Septe
WebArchiveXdll
|
WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods.
The WeOnlyDo! SFTP (wodSFTP) ActiveX control is
WeOnlyDo
|
SFTP
|
The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.
Adobe LiveCycle Workflow 7.01 and LiveCycle For
LiveCycle
|
Workflow
|
Adobe
|
Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system.
The Symantec NAVOPTS.DLL ActiveX control (aka S
NAVOPTSDLL
|
Symantec
|
control
|
ActiveX
|
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
Unspecified vulnerability in the BEA WebLogic S
vulnerability
|
Unspecified
|
Enterprise
|
September
|
Netscape
|
WebLogic
|
plug-in
|
Server
|
before
|
proxy
|
BEA
|
Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.
The SpamBlocker.dll ActiveX control in Earthlin
SpamBlockerdll
|
TotalAccess
|
scripting"
|
whitelist
|
addresses
|
arbitrary
|
attackers
|
Earthlink
|
domains
|
control
|
ActiveX
|
blocker
|
e-mail
|
allows
|
remote
|
marked
|
"safe
|
which
|
spam
|
via
|
add
|
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.
Directory traversal vulnerability in session.rb
vulnerability
|
sessionrb
|
Directory
|
traversal
|
Hiki
|
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
Software vulnerabilities results 1 to 17 of 17
Page:
1