programming software vulnerabilities
vulnerabilities.aspcode.net
Searching programming software vulnerabilities
The NtSetLdtEntries function in the programming
NtSetLdtEntries
|
programming
|
Descriptor
|
interface
|
function
|
Table
|
Local
|
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
"Shatter" style vulnerability in the Window Man
vulnerability
|
programming
|
application
|
Management
|
interface
|
"Shatter"
|
Window
|
style
|
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
Certain "programming errors" in the msync syste
"programming
|
FreeBSD
|
errors"
|
Certain
|
system
|
msync
|
call
|
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
Buffer overflow in the Telephony Application Pr
Application
|
Programming
|
Interface
|
Telephony
|
overflow
|
Buffer
|
Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
A "programming error" in fast_ipsec in FreeBSD
"programming
|
Association
|
48-RELEASE
|
associated
|
fast_ipsec
|
attackers
|
61-STABLE
|
sequence
|
Security
|
properly
|
packets
|
capture
|
through
|
FreeBSD
|
attacks
|
conduct
|
checks
|
replay
|
remote
|
number
|
update
|
NetBSD
|
error"
|
allows
|
IPSec
|
which
|
does
|
pass
|
not
|
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.
Stack-based buffer overflow in Python 2.4.2 and
Stack-based
|
overflow
|
Python
|
buffer
|
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.
An unspecified "logical programming mistake" in
SynchronEyes
|
programming
|
unspecified
|
attackers
|
discovery
|
possibly
|
versions
|
"logical
|
mistake"
|
service
|
Teacher
|
earlier
|
Student
|
denial
|
packet
|
allows
|
remote
|
large
|
SMART
|
cause
|
port
|
via
|
An unspecified "logical programming mistake" in SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service via a large packet to the Teacher discovery port (UDP port 5496), which causes a thread to terminate and prevents communications on that port.
PreviewAction in XWiki 0.9.543 through 0.9.1252
PreviewAction
|
XWiki
|
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
The Database Link library (dblink) in PostgreSQ
Database
|
library
|
Link
|
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
Software vulnerabilities results 1 to 10 of 10
Page:
1