opens software vulnerabilities
vulnerabilities.aspcode.net
Searching opens software vulnerabilities
Seattle Labs Emurl 2.0, and possibly earlier ve
attachments
|
attachment
|
directory
|
scripting
|
recipient
|
malicious
|
specific
|
possibly
|
versions
|
enabled
|
execute
|
message
|
Seattle
|
earlier
|
allows
|
e-mail
|
stores
|
which
|
Emurl
|
opens
|
file
|
Labs
|
ASP
|
Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message.
dumpreg in Red Hat Linux 5.1 opens /dev/mem wit
/dev/mem
|
service
|
dumpreg
|
access
|
denial
|
allows
|
O_RDWR
|
local
|
users
|
cause
|
opens
|
which
|
Linux
|
Red
|
Hat
|
dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.
Windows 98 and Windows 2000 Java clients allow
Windows
|
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
Microsoft Internet Information Server (IIS) 4.0
Information
|
Microsoft
|
Internet
|
Server
|
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.
Norton Internet Security 2001 opens log files w
Security
|
Internet
|
Norton
|
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.
Assistant
|
Trolltech
|
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.
Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 an
Cable/DSL
|
EtherFast
|
BEFSRU31
|
firmware
|
BEFSR41
|
Linksys
|
BEFSR11
|
Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers go gain access.
sudoedit (aka sudo -e) in sudo 1.6.8 opens a te
sudoedit
|
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
gen-index in GNATS 4.0, 4.1.0, and possibly ear
gen-index
|
GNATS
|
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files.
The mail client in Opera before 8.50 opens atta
before
|
client
|
Opera
|
mail
|
The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames.
yiff server (yiff-server) 2.14.2 on Debian GNU/
server
|
yiff
|
yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files.
Directory traversal vulnerability in Vis.pl, as
vulnerability
|
arbitrary
|
attackers
|
traversal
|
Directory
|
product
|
CONTROL
|
remote
|
allows
|
Vispl
|
files
|
read
|
FACE
|
part
|
via
|
Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p.
Microsoft Excel allows user-assisted attackers
user-assisted
|
automatically
|
spreadsheet
|
javascript
|
arbitrary
|
Shockwave
|
Microsoft
|
attackers
|
embedded
|
executed
|
redirect
|
ActiveX
|
execute
|
Player
|
Object
|
allows
|
which
|
users
|
Excel
|
sites
|
Flash
|
opens
|
user
|
via
|
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
The popup blocker in Mozilla Firefox before 1.5
Mozilla
|
Firefox
|
blocker
|
before
|
popup
|
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
The Xinput module (modules/im/ximcp/imLcIm.c) i
module
|
Xinput
|
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
FRAgent.exe in Mandiant First Response (MFR) be
FRAgentexe
|
Response
|
Mandiant
|
First
|
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation).
Software vulnerabilities results 1 to 17 of 17
Page:
1