normal software vulnerabilities
vulnerabilities.aspcode.net
Searching normal software vulnerabilities
FreeBSD 4.5 and earlier, and possibly other BSD
descriptors
|
restricted
|
BSD-based
|
operating
|
possibly
|
FreeBSD
|
closing
|
earlier
|
systems
|
allows
|
files
|
local
|
other
|
users
|
write
|
read
|
file
|
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
SSH 1 through 3, and possibly other versions, a
world-writeable
|
restricted
|
directory
|
uploading
|
executing
|
possibly
|
versions
|
through
|
normal
|
access
|
script
|
shells
|
bypass
|
allows
|
local
|
other
|
shell
|
rbash
|
users
|
gain
|
such
|
rksh
|
then
|
SSH
|
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.
Joe Testa hellbent 01 allows remote attackers t
attackers
|
determine
|
directory
|
generates
|
includes
|
hellbent
|
relative
|
request
|
root's
|
remote
|
allows
|
parent
|
which
|
Testa
|
root
|
path
|
full
|
Joe
|
GET
|
via
|
web
|
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
OpenSSL does not use RSA blinding by default, w
determining
|
differences
|
attackers
|
blinding
|
server's
|
private
|
OpenSSL
|
factors
|
default
|
obtain
|
timing
|
allows
|
remote
|
using
|
which
|
local
|
does
|
not
|
key
|
RSA
|
use
|
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Happycgi.com Happymall 4.3 and 4.4 allows remot
metacharacters
|
Happycgicom
|
arbitrary
|
parameter
|
attackers
|
Happymall
|
commands
|
execute
|
allows
|
remote
|
shell
|
file
|
via
|
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.
Directory traversal vulnerability in normal_htm
normal_htmlcgi
|
vulnerability
|
Happycgicom
|
arbitrary
|
attackers
|
Happymall
|
Directory
|
traversal
|
allows
|
remote
|
files
|
read
|
via
|
Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter.
Cross-site scripting (XSS) vulnerability in nor
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter.
Microsoft SQL Server before Windows 2000 SP4 al
Microsoft
|
Windows
|
before
|
Server
|
SQL
|
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
phpScheduleIt 1.0.0 RC1 does not clear administ
phpScheduleIt
|
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
PeerSec MatrixSSL before 1.1 does not implement
context-dependent
|
determining
|
differences
|
attackers
|
implement
|
MatrixSSL
|
server's
|
blinding
|
factors
|
private
|
PeerSec
|
before
|
timing
|
allows
|
obtain
|
using
|
which
|
does
|
RSA
|
key
|
not
|
PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
Safari in Mac OS X 10.3.9 and 10.4.2, when rend
Safari
|
Mac
|
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
Safari in WebKit in Mac OS X 10.4 to 10.4.2 dir
WebKit
|
Safari
|
Mac
|
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
** DISPUTED ** MySQL 5.0.18 allows local users
DISPUTED
|
MySQL
|
** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access.
phpGraphy 0.9.11 and earlier allows remote atta
phpGraphy
|
phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.
Cross-site scripting (XSS) vulnerability in the
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
** DISPUTED ** Integer overflow in banner/bann
banner/bannerc
|
overflow
|
DISPUTED
|
OpenBSD
|
FreeBSD
|
Integer
|
memory
|
modify
|
NetBSD
|
banner
|
users
|
might
|
allow
|
local
|
long
|
via
|
** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability.
The comment_form_add_preview function in commen
comment_form_add_preview
|
commentmodule
|
function
|
before
|
Drupal
|
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Software vulnerabilities results 1 to 20 of 25
Page:
1
2
►