operator software vulnerabilities
vulnerabilities.aspcode.net
Searching operator software vulnerabilities
The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using an HTTP redirection, in violation of the Java security model.
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files.
Unspecified vulnerability in the command line processing (CLI) logic in Cisco Intrusion Prevention System 5.0(1) and 5.0(2) allows local users with OPERATOR or VIEWER privileges to gain additional privileges via unknown vectors.
Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter.
Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator.
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.
The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000.
IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.
Software vulnerabilities results 1 to 20 of 23