opened software vulnerabilities
vulnerabilities.aspcode.net
Searching opened software vulnerabilities
Opera 6.0 and earlier allows remote attackers t
information
|
setTimeout
|
Javascript
|
sensitive
|
attackers
|
earlier
|
domains
|
cookies
|
allows
|
remote
|
access
|
other
|
Opera
|
links
|
uses
|
such
|
via
|
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
Outlook Express 6.0, with "Do not allow attachm
attachments
|
potentially
|
forwarded
|
arbitrary
|
attackers
|
messages
|
execute
|
enabled
|
Express
|
Outlook
|
remote
|
opened
|
virus"
|
allow
|
which
|
could
|
saved
|
block
|
email
|
code
|
does
|
not
|
"Do
|
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
** DISPUTED ** The mod_php module for the Apac
intercepting
|
demonstrated
|
descriptors
|
connections
|
server's
|
incoming
|
DISPUTED
|
signals
|
scripts
|
sending
|
mod_php
|
process
|
Apache
|
Server
|
module
|
allows
|
signal
|
access
|
write
|
group
|
local
|
users
|
port
|
then
|
HTTP
|
file
|
STOP
|
send
|
TCP
|
PHP
|
use
|
** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
Kaspersky 3.x to 4.x allows remote attackers to
compressed
|
protection
|
antivirus
|
attackers
|
Kaspersky
|
prevent
|
headers
|
opened
|
global
|
target
|
remote
|
allows
|
bypass
|
system
|
which
|
being
|
local
|
file
|
both
|
zero
|
does
|
via
|
not
|
set
|
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
Eset Anti-Virus before 1.020 (16th September 20
Anti-Virus
|
before
|
Eset
|
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
RAV antivirus allows remote attackers to bypass
protection
|
compressed
|
attackers
|
antivirus
|
headers
|
prevent
|
global
|
opened
|
remote
|
allows
|
system
|
target
|
bypass
|
which
|
being
|
local
|
zero
|
both
|
file
|
does
|
via
|
RAV
|
not
|
set
|
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
Sophos Anti-Virus before 3.87.0, and Sophos Ant
Anti-Virus
|
before
|
Sophos
|
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
Archive::Zip Perl module before 1.14, when used
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
SUSE Linux before 9.1 and SUSE Linux Enterprise
unauthorized
|
activities
|
associated
|
Enterprise
|
read-only
|
commands
|
properly
|
firmware
|
devices
|
conduct
|
opened
|
modify
|
Server
|
before
|
check
|
users
|
Linux
|
write
|
local
|
which
|
could
|
allow
|
been
|
SUSE
|
SCSI
|
sent
|
have
|
not
|
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
IglooFTP 0.6.1, when recursively uploading a di
IglooFTP
|
IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP.
NullSoft Winamp 5.02 allows remote attackers to
NullSoft
|
Winamp
|
NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.
Firefox before 1.0 and Mozilla before 1.7.5 all
Mozilla
|
Firefox
|
before
|
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
viewforum.php in Ultimate PHP Board (UPB) 1.8 t
viewforumphp
|
Ultimate
|
Board
|
PHP
|
viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.
Cross-site scripting (XSS) vulnerability in Ope
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.
Multiple interpretation error in unspecified ve
interpretation
|
unspecified
|
executable
|
malicious
|
detection
|
BitZipper
|
malformed
|
corrupted
|
specially
|
attackers
|
Antivirus
|
Kaspersky
|
PowerZip
|
versions
|
Multiple
|
rejected
|
products
|
central
|
headers
|
crafted
|
opened
|
remote
|
Winrar
|
bypass
|
though
|
allows
|
Winzip
|
local
|
error
|
still
|
which
|
virus
|
they
|
file
|
such
|
even
|
via
|
RAR
|
can
|
Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
Multiple interpretation error in unspecified ve
interpretation
|
unspecified
|
BitDefender
|
executable
|
detection
|
BitZipper
|
malicious
|
malformed
|
corrupted
|
specially
|
attackers
|
Antivirus
|
Multiple
|
versions
|
PowerZip
|
products
|
rejected
|
central
|
headers
|
crafted
|
opened
|
remote
|
Winrar
|
bypass
|
though
|
allows
|
Winzip
|
local
|
error
|
still
|
which
|
virus
|
they
|
file
|
such
|
even
|
via
|
RAR
|
can
|
Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
Multiple interpretation error in unspecified ve
interpretation
|
unspecified
|
executable
|
malicious
|
detection
|
BitZipper
|
malformed
|
corrupted
|
specially
|
attackers
|
Antivirus
|
Multiple
|
versions
|
PowerZip
|
products
|
rejected
|
headers
|
central
|
crafted
|
opened
|
remote
|
Winrar
|
bypass
|
though
|
allows
|
Winzip
|
NOD32
|
error
|
virus
|
still
|
which
|
local
|
they
|
file
|
such
|
even
|
via
|
RAR
|
can
|
Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
Multiple interpretation error in unspecified ve
interpretation
|
unspecified
|
executable
|
malicious
|
detection
|
BitZipper
|
malformed
|
corrupted
|
specially
|
attackers
|
Antivirus
|
Multiple
|
versions
|
PowerZip
|
products
|
rejected
|
headers
|
central
|
crafted
|
opened
|
remote
|
Winrar
|
bypass
|
though
|
F-Prot
|
allows
|
Winzip
|
error
|
virus
|
still
|
which
|
local
|
they
|
file
|
such
|
even
|
via
|
RAR
|
can
|
Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
Multiple interpretation error in unspecified ve
interpretation
|
unspecified
|
executable
|
malicious
|
detection
|
BitZipper
|
malformed
|
corrupted
|
specially
|
attackers
|
Antivirus
|
Multiple
|
versions
|
PowerZip
|
products
|
rejected
|
headers
|
central
|
crafted
|
opened
|
remote
|
Winrar
|
bypass
|
though
|
allows
|
Winzip
|
Avast
|
error
|
virus
|
still
|
which
|
local
|
they
|
file
|
such
|
even
|
via
|
RAR
|
can
|
Multiple interpretation error in unspecified versions of Avast Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
HyperAccess 8.4 allows user-assisted remote att
user-assisted
|
HyperAccess
|
attackers
|
arbitrary
|
vbscript
|
commands
|
session
|
execute
|
allows
|
remote
|
via
|
HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via a session (HAW) file, which can be automatically opened using Internet Explorer.
Software vulnerabilities results 1 to 20 of 50
Page:
1
2
3
►