permitted software vulnerabilities
vulnerabilities.aspcode.net
Searching permitted software vulnerabilities
Format string vulnerability in the permitted fu
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
Buffer overflow in the permitted function of GN
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
Cross-site scripting (XSS) vulnerability in php
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
Adobe Macromedia MX 2004 products, Captivate, C
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
Cross-site scripting (XSS) vulnerability in php
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.
opiepasswd in One-Time Passwords in Everything
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before Wednesday, March 22, 2006 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.
admin/change.php in ProNews 1.5 does not check
admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Untrusted search path vulnerability in PostgreS
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
index.php in vtiger CRM before 5.0.3 allows rem
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.
Software vulnerabilities results 1 to 10 of 10