performing software vulnerabilities
vulnerabilities.aspcode.net
Searching performing software vulnerabilities
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files.
HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file.
Motorola Surfboard 4200 cable modem allows remote attackers to cause a denial of service (crash) by performing a SYN scan using a tool such as nmap.
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.
Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search.
Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search.
SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.
Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search.
Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.
Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.
The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.
Software vulnerabilities results 1 to 20 of 51