Searching next file software vulnerabilities


Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.


Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges.


ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.


Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service in threaded processes or spoof files via unknown methods.


Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.


Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.


Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages.


eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.


SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and Monday, April 18, 2005 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.


Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.


Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.


The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).


Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter.


Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.


** DISPUTED ** The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of Friday, September 08, 2006 indicates that permissions will only be weak under certain unusual or insecure scenarios.


index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message.


Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.


SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.


Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.


Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.


Software vulnerabilities results 1 to 20 of 4299     