preserves software vulnerabilities
vulnerabilities.aspcode.net
Searching preserves software vulnerabilities
** DISPUTED ** Mozilla Firefox 1.5.0.1, and po
DISPUTED
|
Firefox
|
Mozilla
|
** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision."
Microsoft Internet Explorer 5.01 SP4 and 6 SP1
Microsoft
|
Explorer
|
Internet
|
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."
VMware Workstation 5.5.3 34685, when the "Enabl
Workstation
|
VMware
|
VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system.
The luci server component in conga preserves th
System/Cluster
|
performing
|
preserves
|
operation
|
attribute
|
attackers
|
component
|
password
|
storing
|
between
|
source"
|
server
|
obtain
|
allows
|
other
|
which
|
"view
|
steal
|
loads
|
conga
|
Value
|
field
|
entry
|
page
|
luci
|
flow
|
task
|
web
|
Add
|
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
The do_set_password function in modules/chanser
modules/chanserv/setc
|
do_set_password
|
Services
|
function
|
before
|
IRC
|
The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password.
Software vulnerabilities results 1 to 6 of 6
Page:
1