Searching other software vulnerabilities


Local users can execute commands as other users, and read other users' files, through the filter command in the Elm elm-2.4 mail package using a symlink attack.


super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.


An account on a router, firewall, or other network device has a default, null, blank, or missing password.


A Unix account with a name other than "root" has UID 0, i.e. root privileges.


The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users.


POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.


qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.


MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.


lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.


Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.


attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.


Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.


Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.


fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.


A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.


The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.


Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.


The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges.


Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.


Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.


Software vulnerabilities results 1 to 20 of 1747     