policies software vulnerabilities
vulnerabilities.aspcode.net
Searching policies software vulnerabilities
Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header.
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.
Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies.
The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator.
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies.
Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets.
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
Software vulnerabilities results 1 to 20 of 24