relies software vulnerabilities
vulnerabilities.aspcode.net
Searching relies software vulnerabilities
PHPNetToolpack 0.1 relies on its environment's
PHPNetToolpack
|
environment's
|
traceroute
|
privileges
|
inserting
|
execute
|
program
|
search
|
relies
|
Trojan
|
users
|
horse
|
local
|
could
|
which
|
allow
|
PATH
|
into
|
gain
|
find
|
its
|
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
PHProjekt 2.0 through 3.1 relies on the $PHP_SE
"mail_sendphp/sms"
|
authentication
|
demonstrated
|
PATH_INFO
|
attackers
|
PHProjekt
|
$PHP_SELF
|
included
|
variable
|
request
|
portion
|
scripts
|
through
|
allows
|
remote
|
bypass
|
relies
|
which
|
using
|
"sms"
|
file
|
via
|
php
|
URL
|
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
stmkfont in HP-UX B.11.00 through B.11.23 relie
user-specified
|
environment
|
arbitrary
|
executing
|
malicious
|
modifying
|
commands
|
variable
|
programs
|
stmkfont
|
execute
|
through
|
certain
|
relies
|
allows
|
point
|
B1123
|
B1100
|
HP-UX
|
which
|
users
|
local
|
PATH
|
code
|
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.
EMC Legato NetWorker, Sun Solstice Backup 6.0 a
authentication
|
privileges
|
Enterprise
|
NetWorker
|
attackers
|
AUTH_UNIX
|
spoofing
|
username
|
Solstice
|
StorEdge
|
through
|
Legato
|
allows
|
remote
|
Backup
|
bypass
|
relies
|
which
|
rely
|
gain
|
user
|
UID
|
Sun
|
EMC
|
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
BFCommand & Control Server Manager BFCC 1.22_A
disconnections
|
administrative
|
restrictions
|
permissions
|
attackers
|
BFCommand
|
modified
|
perform
|
Manager
|
Control
|
actions
|
enforce
|
earlier
|
allows
|
remote
|
bypass
|
Server
|
relies
|
client
|
which
|
122_A
|
214_B
|
BFVCC
|
BFCC
|
such
|
via
|
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client.
The signature verification functionality in the
functionality
|
verification
|
signature
|
Online
|
Update
|
YaST
|
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
The NeoScale Systems CryptoStor 700 series appl
CryptoStor
|
NeoScale
|
Systems
|
The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.
The pswd.js script relies on the client to calc
brute-force
|
downloading
|
conducting
|
hard-coded
|
attackers
|
calculate
|
password
|
username
|
offline
|
attacks
|
whether
|
allows
|
remote
|
obtain
|
relies
|
client
|
pswdjs
|
script
|
server
|
values
|
hashed
|
which
|
match
|
The pswd.js script relies on the client to calculate whether a username and password for a server match hard-coded hashed values, which allows remote attackers to obtain a username and password by downloading pswd.js and conducting brute-force offline attacks.
AntiHook 3.0.0.23 - Desktop relies on the Proce
AntiHook
|
AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
AVG Anti-Virus plus Firewall 7.5.431 relies on
Anti-Virus
|
Firewall
|
plus
|
AVG
|
AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
Comodo Personal Firewall 2.3.6.81 relies on the
Firewall
|
Personal
|
Comodo
|
Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
Filseclab Personal Firewall 3.0.0.8686 relies o
Filseclab
|
Firewall
|
Personal
|
Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 200
Soft4Ever
|
Stop
|
Look
|
'n'
|
Soft4Ever Look 'n' Stop (LnS) 2.05p2 before Friday, December 15, 2006 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
Sygate Personal Firewall 5.6.2808 relies on the
Firewall
|
Personal
|
Sygate
|
Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
Pedro Lineu Orso chetcpasswd before 2.4 relies
X-Forwarded-For
|
unauthorized
|
chetcpasswd
|
verifying
|
attackers
|
spoofing
|
client's
|
address
|
access
|
remote
|
allows
|
status
|
header
|
relies
|
before
|
Pedro
|
Lineu
|
which
|
HTTP
|
Orso
|
gain
|
ACL
|
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
The disconnect method in the Philips USB Webcam
disconnect
|
Philips
|
Webcam
|
method
|
USB
|
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.
Sun Java Runtime Environment (JRE) in JDK and J
Environment
|
Runtime
|
Java
|
Sun
|
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.
Sun Java Runtime Environment (JRE) in JDK and J
Environment
|
Runtime
|
Java
|
Sun
|
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
Software vulnerabilities results 1 to 19 of 19
Page:
1