points software vulnerabilities
vulnerabilities.aspcode.net
Searching points software vulnerabilities
A system is running a version of software that
distribution
|
software
|
replaced
|
running
|
version
|
points
|
system
|
Trojan
|
Horse
|
such
|
one
|
its
|
A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
Untrusted search path vulnerability in day5data
day5datacopier
|
vulnerability
|
environment
|
arbitrary
|
malicious
|
Untrusted
|
variable
|
modified
|
commands
|
execute
|
program
|
search
|
points
|
allows
|
local
|
users
|
path
|
IRIX
|
via
|
SGI
|
Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program.
abuse.console in Red Hat 2.1 uses relative path
abuseconsole
|
pathnames
|
arbitrary
|
commands
|
relative
|
program
|
execute
|
points
|
allows
|
Trojan
|
users
|
horse
|
local
|
undrv
|
which
|
path
|
uses
|
find
|
Red
|
Hat
|
via
|
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.
itetris/xitetris 1.6.2 and earlier trusts the P
itetris/xitetris
|
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
objects.inc.php4 in BLNews 2.1.3 allows remote
objectsincphp4
|
BLNews
|
objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site.
Microsoft Internet Explorer 6.0 SP2 allows remo
legitimate
|
attackers
|
Microsoft
|
contains
|
phishing
|
Internet
|
Explorer
|
followed
|
conduct
|
element
|
points
|
attack
|
remote
|
allows
|
anchor
|
status
|
spoof
|
BASE
|
site
|
page
|
SP2
|
bar
|
URL
|
web
|
via
|
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
Format string vulnerability in IBM Informix Dyn
vulnerability
|
Informix
|
Dynamic
|
Server
|
string
|
Format
|
IBM
|
Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.
The copy_symlink function in rsnapshot 1.2.0 an
copy_symlink
|
rsnapshot
|
function
|
The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files.
Tor client before 0.1.1.20 prefers entry points
before
|
client
|
Tor
|
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.
The consume_labels function in avahi-core/dns.c
avahi-core/dnsc
|
consume_labels
|
function
|
before
|
Avahi
|
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
Untrusted search path vulnerability in lamdaemo
vulnerability
|
lamdaemonpl
|
Untrusted
|
Account
|
Manager
|
search
|
path
|
LDAP
|
Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.
Untrusted search path vulnerability in writecon
vulnerability
|
writeconfig
|
Untrusted
|
search
|
Apple
|
path
|
Mac
|
Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.
Untrusted search path vulnerability in Rumpus 5
vulnerability
|
privileges
|
Untrusted
|
malicious
|
modified
|
earlier
|
program
|
search
|
points
|
allows
|
Rumpus
|
users
|
local
|
ipfw
|
path
|
gain
|
via
|
Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.
Panda Software Antivirus before 20070402 allows
Antivirus
|
Software
|
before
|
Panda
|
Panda Software Antivirus before Monday, April 02, 2007 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
avpack32.dll before 7.3.0.6 in Avira AntiVir al
avpack32dll
|
before
|
avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
avast! antivirus before 4.7.981 allows remote a
antivirus
|
before
|
avast
|
avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
unzoo.c, as used in multiple products including
including
|
products
|
multiple
|
AMaViS
|
unzooc
|
used
|
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
ScramDisk 4 Linux before 1.0-1 does not perform
privileges
|
permission
|
container
|
ScramDisk
|
directory
|
perform
|
points
|
system
|
allows
|
before
|
checks
|
users
|
point
|
using
|
which
|
mount
|
local
|
Linux
|
10-1
|
gain
|
does
|
not
|
ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container.
WinAce allows remote attackers to cause a denia
attackers
|
service
|
denial
|
WinAce
|
allows
|
remote
|
cause
|
WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
PicoZip allows remote attackers to cause a deni
attackers
|
PicoZip
|
service
|
denial
|
allows
|
remote
|
cause
|
PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
Software vulnerabilities results 1 to 20 of 47
Page:
1
2
3
►