Searching programs software vulnerabilities

IIS 3.0 with the iis-fix hotfix installed allow

installed | intruders | programs | instead | iis-fix | source | allows | hotfix | remote | using | read | code | IIS | %2e | ASP |

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.


The Java Web Server would allow remote users to

programs | remote | obtain | source | Server | allow | users | would | code | Java | CGI | Web |

The Java Web Server would allow remote users to obtain the source code for CGI programs.


The Webcom CGI Guestbook programs wguest.exe an

"template" | wguestexe | rguestexe | arbitrary | parameter | Guestbook | attacker | programs | Webcom | remote | using | files | allow | read | CGI |

The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter.


Buffer overflow in CDE dtmail and dtmailpr prog

privileges | dtmailpr | programs | overflow | option | allows | Buffer | dtmail | users | local | long | gain | CDE | via |

Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.


The installation of Sun Source (sunsrc) tapes a

installation | Source | Sun |

The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.


KMail in KDE 1.0 provides a PGP passphrase as a

information | passphrase | compromise | arguments | argument | programs | provides | process | command | viewing | obtain | local | users | other | KMail | which | allow | could | list | such | line | keys | KDE | via | PGP |

KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.


Buffer overflow in GNOME libraries 1.0.8 allows

libraries | overflow | Buffer | GNOME |

Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.


Buffer overflow in xconq and cconq game program

environmental | privileges | additional | programs | variable | overflow | allows | Buffer | users | cconq | local | Linux | xconq | long | USER | gain | game | Hat | Red | via |

Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable.


The CVS 1.10.8 server does not properly restric

CVS |

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.


VariCAD 7.0 is installed with world-writeable f

world-writeable | installed | programs | replace | VariCAD | program | Trojan | allows | horse | which | files | users | local |

VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.


userhelper in the usermode package on Red Hat L

vulnerabilities | environment | userhelper | non-setuid | exploited | variables | activate | measures | security | executes | programs | usermode | package | allows | format | LC_ALL | string | which | Linux | glibc | LANG | does | root | via | Hat | Red | not |

userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).


Directory traversal vulnerability in Carello 1.

vulnerability | attackers | Directory | traversal | programs | execute | Carello | server | allows | remote | via |

Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter.


AtGuard 3.2 allows remote attackers to bypass f

prohibited | attackers | filenames | permitted | programs | changing | execute | AtGuard | firwall | filters | allows | bypass | remote |

AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames.


The RPM installation of SAP DB 7.x creates the

installation | creates | SAP | RPM |

The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.


The init scripts in Search for Extraterrestrial

Extraterrestrial | Intelligence | scripts | Search | init |

The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.


The init scripts in Great Internet Mersenne Pri

Internet | Mersenne | scripts | Search | Prime | Great | init |

The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.


rssh 2.2.2 and earlier does not properly restri

rssh |

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.


The unison command in scponly before 4.0 does n

authenticated | restrictions | arbitrary | restrict | intended | programs | properly | scponly | command | execute | remote | unison | bypass | before | access | users | which | could | allow | does | via | not | run | can |

The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.


The ActiveX control for NateOn Messenger (Nateo

Messenger | control | ActiveX | NateOn |

The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to download and execute arbitrary programs by setting the arguments to the GotNate.Excute method.


The default configuration of WebAPP before 0.9.

configuration | default | before | WebAPP |

The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.


Software vulnerabilities results 1 to 20 of 203     
Page: 12345...11