pkg software vulnerabilities
vulnerabilities.aspcode.net
Searching pkg software vulnerabilities
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allow local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.
Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.
PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors, aka (1) Vuln# DB14 and (2) DB15 related to xdb.dbms_xdbz. NOTE: as of Monday, October 23, 2006, Oracle has not disputed reports from reliable third parties that DB14 is for SQL injection in the PITRIG_DROP and PITRIG_DROPMETADATA functions in XDB_PITRIG_PKG, and DB15 is for SQL injection in DISABLE_HIERARCHY_INTERNAL in DBMS_XDBZ.
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.
** DISPUTED ** PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached.
Software vulnerabilities results 1 to 16 of 16