provides software vulnerabilities
vulnerabilities.aspcode.net
Searching provides software vulnerabilities
A URL for a WWW directory allows auto-indexing,
auto-indexing
|
indexhtml
|
directory
|
provides
|
contain
|
allows
|
files
|
which
|
file
|
does
|
list
|
URL
|
not
|
all
|
A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.
The installation of Novell Netware NDS 5.99 pro
installation
|
Netware
|
Novell
|
NDS
|
The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.
KMail in KDE 1.0 provides a PGP passphrase as a
information
|
passphrase
|
compromise
|
arguments
|
argument
|
programs
|
provides
|
process
|
command
|
viewing
|
obtain
|
local
|
users
|
other
|
KMail
|
which
|
allow
|
could
|
list
|
such
|
line
|
keys
|
KDE
|
via
|
PGP
|
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
Point to Point Protocol daemon (pppd) in MacOS
Protocol
|
daemon
|
Point
|
Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.
The default Access Control Lists (ACLs) of the
Control
|
default
|
Access
|
Lists
|
The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.
rwcgi60 CGI program in Oracle Reports Server, b
information
|
additional
|
sensitive
|
attackers
|
provides
|
pathname
|
program
|
rwcgi60
|
attacks
|
Reports
|
remote
|
enable
|
Oracle
|
design
|
Server
|
which
|
could
|
such
|
full
|
CGI
|
use
|
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
The Microsoft Java implementation, as used in I
implementation
|
Microsoft
|
Internet
|
Explorer
|
provides
|
public
|
Java
|
used
|
The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.
BEA WebLogic Server and Express, when using Nod
NodeManager
|
privileges
|
Operators
|
overwrite
|
passwords
|
usernames
|
provides
|
Operator
|
WebLogic
|
Express
|
servers
|
Server
|
Admin
|
which
|
allow
|
start
|
using
|
users
|
gain
|
BEA
|
may
|
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
The AGate component for SAP Internet Transactio
Transaction
|
component
|
Internet
|
Server
|
AGate
|
SAP
|
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
The PPTP server in Astaro Security Linux before
Security
|
before
|
Astaro
|
server
|
Linux
|
PPTP
|
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
npptnt2.sys in nProtect Gameguard provides unre
unrestricted
|
privileges
|
npptnt2sys
|
Gameguard
|
nProtect
|
provides
|
process
|
allows
|
local
|
users
|
calls
|
which
|
gain
|
I/O
|
any
|
npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges.
Yager 5.24 and earlier allows remote attackers
Yager
|
Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length.
Opera before 8.51 on Linux and Unix systems all
before
|
Opera
|
Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera.
Lyris ListManager before 8.9b allows remote att
configuration
|
information
|
ListManager
|
attackers
|
sensitive
|
TCLHTTPd
|
provides
|
request
|
status
|
module
|
server
|
remote
|
allows
|
before
|
obtain
|
Lyris
|
which
|
89b
|
via
|
Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information.
Argument injection vulnerability in greylistcle
greylistcleancron
|
vulnerability
|
whitespace
|
separated
|
attackers
|
arbitrary
|
injection
|
contains
|
provides
|
Argument
|
filename
|
sa-exim
|
command
|
remote
|
allows
|
delete
|
quoted
|
which
|
files
|
email
|
field
|
via
|
not
|
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
Virtual Private Server (Vserver) 2.0.x before 2
Private
|
Virtual
|
Server
|
Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root.
Pedro Lineu Orso chetcpasswd 2.3.3 provides a d
chetcpasswd
|
Lineu
|
Pedro
|
Orso
|
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.
MailEnable Professional before 1.78 provides a
Professional
|
MailEnable
|
before
|
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
BEA WebLogic Portal 9.2 GA can corrupt a visito
administrator
|
authenticated
|
entitlements
|
description
|
privileged
|
resources
|
WebLogic
|
provides
|
corrupt
|
visitor
|
remote
|
access
|
Portal
|
allow
|
users
|
which
|
might
|
role
|
long
|
BEA
|
can
|
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
lib/backup-methods.sh in Backup Manager before
lib/backup-methodssh
|
Manager
|
before
|
Backup
|
lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.
Software vulnerabilities results 1 to 20 of 41
Page:
1
2
3
►