recorded software vulnerabilities
vulnerabilities.aspcode.net
Searching recorded software vulnerabilities
NTFS file system in Windows NT 4.0 and Windows
Windows
|
system
|
NTFS
|
file
|
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
Heysoft EventSave 5.1 and 5.2 and Heysoft Event
Microsoft's
|
application
|
EventSave+
|
attackers
|
EventSave
|
recorded
|
written
|
prevent
|
whether
|
Heysoft
|
opening
|
Viewer
|
events
|
allows
|
check
|
Event
|
using
|
which
|
being
|
such
|
does
|
file
|
not
|
can
|
log
|
Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.
Multiple buffer overflows in golddig 2.0 and ea
overflows
|
arbitrary
|
Multiple
|
execute
|
earlier
|
golddig
|
buffer
|
users
|
allow
|
local
|
code
|
via
|
Multiple buffer overflows in golddig 2.0 and earlier allow local users to execute arbitrary code via (1) a long map name command line argument or (2) a long username as recorded in the USER environment variable.
Format string vulnerability in the SetBaseURL f
vulnerability
|
SetBaseURL
|
specifiers
|
attackers
|
arbitrary
|
function
|
recorded
|
invalid
|
execute
|
toolbar
|
Format
|
string
|
remote
|
allows
|
AtHoc
|
debug
|
code
|
log
|
URL
|
via
|
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log.
Cross-site scripting (XSS) vulnerability in Tra
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file.
Cross-site scripting (XSS) vulnerability in Gre
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file.
The time_out_leases function in locks.c for Lin
time_out_leases
|
2615-rc3
|
function
|
service
|
allows
|
denial
|
locksc
|
kernel
|
before
|
Linux
|
cause
|
local
|
users
|
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, an
Netscape
|
Firefox
|
Mozilla
|
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
Cross-site scripting (XSS) vulnerability in Vir
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.
ScaryBear PocketExpense Pro 3.9.1 uses an inter
PocketExpense
|
ScaryBear
|
Pro
|
ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.
Multiple format string vulnerabilities in zabbi
vulnerabilities
|
Multiple
|
zabbix
|
before
|
format
|
string
|
Multiple format string vulnerabilities in zabbix before Friday, October 06, 2006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages.
Software vulnerabilities results 1 to 13 of 13
Page:
1