profiles software vulnerabilities
vulnerabilities.aspcode.net
Searching profiles software vulnerabilities
The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.
Mac OS X before 10.3.8 uses world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles.
AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.
Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges.
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php.
NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments.
EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles.
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before Monday, August 21, 2006 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.
Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before Wednesday, February 14, 2007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).
WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks.
Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters.
Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators.
Software vulnerabilities results 1 to 20 of 20