pre installer software vulnerabilities
vulnerabilities.aspcode.net
Searching pre installer software vulnerabilities
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow the use of full 128-byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48-byte keys. This allows a remote attacker to brute-force the pre-shared keys with significantly fewer resources than if the full 128-byte IKE pre-shared keys were used.
The pre-login mode in the System Administrator
The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users.
An installer program for Oracle9iAS Web Cache 2
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
Multiple buffer overflows in realtime operating
Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allow local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
Buffer overflow in DameWare Mini Remote Control
Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.
Session fixation vulnerability in Macromedia JR
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
An ActiveX control for McAfee Security Installe
An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.
Stack-based buffer overflow in an ActiveX contr
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.
Cross-site scripting (XSS) vulnerability in Exp
Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) JavaScript in forms produced by the form generator or (2) the parameters to the installer.
The installer for Gallery 2.0 before 2.0.2 stor
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
Unspecified vulnerability in PEAR installer 1.4
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.
The Ubuntu 5.10 installer does not properly cle
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.
The installation of Debian GNU/Linux 3.1r1 from
The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).
A third-party installer generation tool, possib
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.
The Installer application in Apple Mac OS X 10.
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
SQL injection vulnerability in detail.php in Pr
SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter.
SQL injection vulnerability in search.php in Pr
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
administrator/index.php in the installer compon
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
Multiple buffer overflows in Google Picasa have
Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
Multiple cross-application scripting (XAS) vuln
Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
Software vulnerabilities results 1 to 20 of 68