rely software vulnerabilities
vulnerabilities.aspcode.net
Searching rely software vulnerabilities
Eudora 5.1 and earlier versions stores attachme
vulnerabilities
|
directories
|
attachments
|
installing
|
attackers
|
directory
|
pathnames
|
software
|
versions
|
reading
|
exploit
|
earlier
|
stores
|
Eudora
|
easier
|
fixed
|
files
|
known
|
could
|
other
|
which
|
make
|
rely
|
name
|
Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
Macromedia Flash Player before 7,0,19,0 stores
Macromedia
|
Player
|
before
|
Flash
|
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
The download function of Internet Explorer 6 SP
threadid10008
|
demonstrated
|
ContentType
|
mechanisms
|
directory
|
attackers
|
security
|
response
|
function
|
download
|
Explorer
|
Internet
|
invalid
|
random
|
bypass
|
remote
|
obtain
|
allows
|
could
|
allow
|
names
|
cache
|
which
|
rely
|
HTTP
|
name
|
file
|
via
|
htm
|
SP1
|
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
Outlook 2003, when replying to an e-mail messag
Outlook
|
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.
EMC Legato NetWorker, Sun Solstice Backup 6.0 a
authentication
|
privileges
|
Enterprise
|
NetWorker
|
attackers
|
AUTH_UNIX
|
spoofing
|
username
|
Solstice
|
StorEdge
|
through
|
Legato
|
allows
|
remote
|
Backup
|
bypass
|
relies
|
which
|
rely
|
gain
|
user
|
UID
|
Sun
|
EMC
|
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
Sun Java JRE 1.1.x through 1.4.x writes tempora
vulnerabilities
|
unpredictable
|
exploitation
|
applications
|
facilitates
|
predictable
|
filenames
|
attackers
|
arbitrary
|
temporary
|
locations
|
through
|
system
|
remote
|
become
|
allows
|
writes
|
known
|
write
|
which
|
style
|
files
|
names
|
short
|
rely
|
Java
|
file
|
uses
|
long
|
Sun
|
14x
|
11x
|
JRE
|
Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.
The _writeAttrs function in SafeHTML before 1.3
_writeAttrs
|
SafeHTML
|
function
|
before
|
The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection.
Xerox WorkCentre and WorkCentre Pro before 12.0
WorkCentre
|
before
|
Xerox
|
Pro
|
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps.
Event Viewer (eventvwr.exe) in Microsoft Window
Viewer
|
Event
|
Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer.
Multiple race conditions in suexec in Apache HT
conditions
|
Multiple
|
Apache
|
Server
|
suexec
|
race
|
HTTP
|
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
suexec in Apache HTTP Server (httpd) 2.2.3 uses
Server
|
Apache
|
suexec
|
HTTP
|
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
suexec in Apache HTTP Server (httpd) 2.2.3 does
Server
|
Apache
|
suexec
|
HTTP
|
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
Sun Java Runtime Environment (JRE) in JDK and J
Environment
|
Runtime
|
Java
|
Sun
|
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.
Sun Java Runtime Environment (JRE) in JDK and J
Environment
|
Runtime
|
Java
|
Sun
|
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
Software vulnerabilities results 1 to 15 of 15
Page:
1