methods software vulnerabilities
vulnerabilities.aspcode.net
Searching methods software vulnerabilities
Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods.
KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php.
** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods.
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the Dynamic HTML (DHTML) Editing Component (DEC) and JavaScript that calls showModalDialog.
Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.
The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.
BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods.
Software vulnerabilities results 1 to 20 of 76