original software vulnerabilities
vulnerabilities.aspcode.net
Searching original software vulnerabilities
DPEC Online Courseware allows an attacker to ch
Courseware
|
password
|
attacker
|
original
|
another
|
knowing
|
without
|
user's
|
Online
|
allows
|
change
|
DPEC
|
DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.
The Windows NT scheduler uses the drive mapping
interactive
|
privileges
|
currently
|
providing
|
scheduler
|
original
|
mapping
|
Windows
|
system
|
Trojan
|
logged
|
allows
|
place
|
batch
|
horse
|
which
|
drive
|
local
|
file
|
uses
|
gain
|
onto
|
user
|
The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
ssdpsrv.exe in Windows ME allows remote attacke
ssdpsrvexe
|
Discovery
|
attackers
|
newlines
|
multiple
|
Protocol
|
sending
|
service
|
Windows
|
Simple
|
remote
|
allows
|
denial
|
cause
|
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.
The original patch for the Cisco Content Servic
original
|
Service
|
Content
|
Switch
|
patch
|
Cisco
|
The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549.
Adobe eBook Reader allows a user to bypass rest
restrictions
|
performing
|
operations
|
restoring
|
original
|
backing
|
Reader
|
allows
|
bypass
|
eBook
|
files
|
Adobe
|
print
|
data
|
copy
|
user
|
lend
|
give
|
key
|
Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files.
nethack 3.4.0 and earlier installs certain setg
nethack
|
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.
Prevx Home 1.0 allows local users with adminstr
\device\physicalmemory
|
ServiceTable
|
adminstrator
|
privileges
|
prevention
|
intrusion
|
restores
|
directly
|
original
|
kernel's
|
features
|
running
|
writing
|
allows
|
bypass
|
Prevx
|
users
|
which
|
local
|
Home
|
SDT
|
Prevx Home 1.0 allows local users with adminstrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable.
PF in certain OpenBSD versions, when stateful f
interfaces
|
filtering
|
interface
|
attackers
|
versions
|
original
|
intended
|
stateful
|
session
|
OpenBSD
|
enabled
|
certain
|
spoofed
|
packets
|
filters
|
bypass
|
packet
|
allows
|
remote
|
other
|
limit
|
which
|
does
|
via
|
not
|
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
Sophos Anti-Virus 3.78 allows remote attackers
Anti-Virus
|
Sophos
|
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
Xconfig in Hummingbird Exceed before 9.0.0.1, w
Hummingbird
|
Xconfig
|
before
|
Exceed
|
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.
DiamondCS Process Guard Free 2.000 allows local
DiamondCS
|
Process
|
Guard
|
Free
|
DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.
** DISPUTED ** Nessus 2.0.10a stores account p
passwords
|
plaintext
|
DISPUTED
|
nessusrc
|
account
|
obtain
|
allows
|
Nessus
|
stores
|
local
|
users
|
2010a
|
files
|
which
|
** DISPUTED ** Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue.
The patch for integer overflow vulnerabilities
vulnerabilities
|
overflow
|
integer
|
patch
|
Xpdf
|
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Linksys WET11 1.5.4 allows remote attackers to
Linksys
|
WET11
|
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
Directory traversal vulnerability in gunzip -N
vulnerability
|
Directory
|
traversal
|
gunzip
|
gzip
|
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
SQL injection vulnerability in login.asp in liv
vulnerability
|
livingmailing
|
arbitrary
|
attackers
|
injection
|
commands
|
loginasp
|
password
|
execute
|
allows
|
remote
|
SQL
|
via
|
SQL injection vulnerability in login.asp in livingmailing 1.3 allows remote attackers to execute arbitrary SQL commands via the password. NOTE: there is little public information about this product and its vendor, and the original researcher announcement is no longer available.
eZ publish 3.4.4 through 3.7 before 20050722 ap
publish
|
eZ publish 3.4.4 through 3.7 before Friday, July 22, 2005 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
Destiney Links Script 2.1.2 does not protect li
Destiney
|
Script
|
Links
|
Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories.
Directory traversal vulnerability in Particle L
vulnerability
|
Directory
|
traversal
|
Particle
|
Links
|
Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. NOTE: it is not clear whether this issue is legitimate, as the original researcher seems unsure.
Kile before 1.9.3 does not assign a backup file
before
|
Kile
|
Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information.
Software vulnerabilities results 1 to 20 of 171
Page:
1
2
3
4
5
...
9
►