place software vulnerabilities
vulnerabilities.aspcode.net
Searching place software vulnerabilities
The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands.
The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attack.
Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability.
The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place.
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.
** DISPUTED ** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations won't even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level."
The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions.
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location.
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC.
Software vulnerabilities results 1 to 16 of 16