plain software vulnerabilities
vulnerabilities.aspcode.net
Searching plain software vulnerabilities
FTPPro allows local users to read sensitive information, which is stored in plain text.
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unauthorized access to the MySQL database.
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst.
The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to TCP port 25.
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file.
Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors.
Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form.
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php.
Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function.
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.
Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.
The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.
Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact.
Software vulnerabilities results 1 to 20 of 26