otherwise software vulnerabilities
vulnerabilities.aspcode.net
Searching otherwise software vulnerabilities
ping in iputils before 20001010, as distributed
ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
eEye SecureIIS versions 1.0.3 and earlier allow
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
POP3Lite before 0.2.4 does not properly quote a
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly.
Foundry Networks ServerIron switches do not dec
Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
Cross-site scripting (XSS) vulnerability in JAW
Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.
FrontRange GoldMine mail agent 5.70 and 6.00 be
FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.
Internet Explorer 5.01 through 6 SP1 allows rem
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
describecomponents.cgi in Bugzilla 2.17.3 and 2
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
Buffer overflow in the extract_one function fro
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
The addslashes function in PHP 4.3.9 does not p
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
The Solaris Management Console (SMC) in Sun Sol
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
Certain system calls in Apple Mac OS X 10.4.1 d
Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.
Mail.app in Mac OS 10.4.2 and earlier, when pri
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
The parse_str function in PHP 4.x up to 4.4.0 a
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
** DISPUTED ** Buffer overflow in mIRC 5.91, 6.
** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.
Microsoft Internet Explorer 5.01, 5.5, and 6 al
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
** DISPUTED ** Buffer overflow in the font comm
** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.
Fuji Xerox Printing Systems (FXPS) print engine
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before Wednesday, June 28, 2006 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.
OWASP Stinger before 2.5 allows remote attacker
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines.
Software vulnerabilities results 1 to 20 of 20