Searching owner software vulnerabilities




Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.




The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.




pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.




Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.




The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges.




** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision."




Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) convert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement.




The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field.




mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions.




Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.




** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem.




Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.




The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before Thursday, August 18, 2005 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.




Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users to trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.




Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).




nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (application crash) via a large owner value, which causes an assert error.




Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.




The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.




Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.2.0.1 has unknown impact and attack vectors, aka DB10. NOTE: as of Tuesday, April 24, 2007, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters.




Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

