modifies software vulnerabilities
vulnerabilities.aspcode.net
Searching modifies software vulnerabilities
Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.
Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server.
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.
SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182.
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE.
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
Software vulnerabilities results 1 to 20 of 22