output software vulnerabilities
vulnerabilities.aspcode.net
Searching output software vulnerabilities
Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output.
Cross-site scripting vulnerability in Internet Explorer 6 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and '>' characters, which causes the TCL interpreter to crash and include stack data in the output.
The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code.
Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.
The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then videoin.
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string.
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.
mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function.
Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console.
Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php.
Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.
Software vulnerabilities results 1 to 20 of 52