passing software vulnerabilities
vulnerabilities.aspcode.net
Searching passing software vulnerabilities
inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd.
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.
** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.
Software vulnerabilities results 1 to 14 of 14