policy software vulnerabilities
vulnerabilities.aspcode.net
Searching policy software vulnerabilities
Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy.
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking.
A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.
WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e.
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.
Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy.
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName).
Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized.
p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root.
Software vulnerabilities results 1 to 20 of 82