own software vulnerabilities
vulnerabilities.aspcode.net
Searching own software vulnerabilities
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.
ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environment variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.
Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method.
The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.
ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp.
Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 has unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure.
** DISPUTED ** Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED.
Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE.
The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a "HeloMoto" attack.
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10.
Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages.
Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes."
RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
** DISPUTED ** Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own.
The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd.
Software vulnerabilities results 1 to 20 of 22