placed software vulnerabilities
vulnerabilities.aspcode.net
Searching placed software vulnerabilities
Borderware Firewall Server 6.1.2 allows remote
Borderware
|
Firewall
|
Server
|
Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network.
The rendering engine in Internet Explorer deter
independently
|
automatically
|
determines
|
scripting
|
specified
|
rendering
|
normally
|
Explorer
|
Internet
|
servers
|
support
|
execute
|
server
|
script
|
placed
|
remote
|
allows
|
engine
|
whose
|
which
|
MIME
|
text
|
such
|
does
|
file
|
type
|
not
|
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.
Buffer overflow in backup utility of Microsoft
Microsoft
|
attackers
|
extension
|
arbitrary
|
overflow
|
filename
|
execute
|
causing
|
utility
|
Windows
|
Buffer
|
placed
|
backed
|
folder
|
allows
|
backup
|
long
|
code
|
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
Directory traversal vulnerability in Microsoft
vulnerability
|
hex-encoded
|
characters
|
containing
|
Directory
|
arbitrary
|
attackers
|
Microsoft
|
backslash
|
traversal
|
execute
|
Windows
|
Player
|
allows
|
remote
|
Media
|
skins
|
code
|
file
|
URL
|
via
|
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
Unspecified vulnerability in Microsoft Excel 20
vulnerability
|
Unspecified
|
Microsoft
|
Excel
|
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
** DISPUTED ** SQL injection vulnerability in
vulnerability
|
Management
|
injection
|
DISPUTED
|
Intranet
|
Program
|
Virtual
|
SQL
|
VCS
|
** DISPUTED ** SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this issue, saying that "[we] have a behind the scenes complex state management system that uses a combination of keys placed in JavaScript and Session State (server side) that protects against the type of SQL injection you describe. We have tested for many of the cases and have not found it to be an issue." Further investigation suggests that the original researcher might have triggered errors using invalid field values, which is not proof of SQL injection; however, the vendor did not receive a response from the original researcher.
Stack-based buffer overflow in Python 2.4.2 and
Stack-based
|
overflow
|
Python
|
buffer
|
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.
** DISPUTED ** Multiple PHP remote file inclus
inclusions
|
Multiple
|
DISPUTED
|
Ariadne
|
remote
|
file
|
PHP
|
** DISPUTED ** Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation instructions recommend that the files be placed outside of the web document root and require the administrator to modify $ariadne in an include file.
Software vulnerabilities results 1 to 9 of 9
Page:
1