remotely software vulnerabilities
vulnerabilities.aspcode.net
Searching remotely software vulnerabilities
ControlIT 4.5 and earlier (aka Remotely Possibl
ControlIT
|
earlier
|
ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption.
MS Site Server 2.0 with IIS 4 can allow users t
including
|
commands
|
remotely
|
allowing
|
content
|
execute
|
target
|
Server
|
upload
|
allow
|
users
|
thus
|
Site
|
them
|
can
|
IIS
|
web
|
ASP
|
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.
The registry in Windows NT can be accessed remo
administrators
|
accessed
|
remotely
|
registry
|
Windows
|
users
|
can
|
not
|
The registry in Windows NT can be accessed remotely by users who are not administrators.
The administration interface for the dwhttpd we
metacharacters
|
administration
|
AnswerBook2
|
interface
|
remotely
|
commands
|
dwhttpd
|
execute
|
Solaris
|
server
|
allows
|
shell
|
users
|
web
|
via
|
The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.
The ixsso.query ActiveX Object is marked as saf
determines
|
ixssoquery
|
operators
|
scripting
|
malicious
|
existence
|
visiting
|
remotely
|
Windows
|
ActiveX
|
script
|
marked
|
Object
|
allows
|
files
|
which
|
embed
|
safe
|
site
|
web
|
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
Buffer overflows in gzip 1.3x, 1.2.4, and other
overflows
|
Buffer
|
gzip
|
13x
|
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
Scripting.FileSystemObject in asp.dll for Micro
ScriptingFileSystemObject
|
Microsoft
|
attackers
|
service
|
remote
|
aspdll
|
allows
|
denial
|
cause
|
local
|
IIS
|
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
Benjamin Lefevre Dobermann FORUM 0.5 and earlie
variablein
|
malicious
|
attackers
|
"subpath"
|
Dobermann
|
remotely
|
Benjamin
|
execute
|
Lefevre
|
include
|
earlier
|
remote
|
allows
|
files
|
FORUM
|
PHP
|
via
|
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.
An integer overflow in ls in the fileutils or c
applications
|
coreutils
|
exploited
|
arbitrary
|
fileutils
|
remotely
|
overflow
|
packages
|
service
|
execute
|
wu-ftpd
|
integer
|
denial
|
could
|
which
|
allow
|
local
|
value
|
users
|
cause
|
large
|
such
|
code
|
use
|
via
|
may
|
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
ls in the fileutils or coreutils packages allow
applications
|
fileutils
|
exploited
|
coreutils
|
remotely
|
packages
|
consume
|
wu-ftpd
|
memory
|
allows
|
amount
|
large
|
users
|
local
|
value
|
which
|
such
|
via
|
can
|
use
|
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
Network Dynamic Data Exchange (NetDDE) services
Exchange
|
Dynamic
|
Network
|
Data
|
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
Format string vulnerability in the PRINT_ERROR
vulnerability
|
PRINT_ERROR
|
Cherokee
|
function
|
commonc
|
Server
|
Format
|
string
|
Web
|
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability.
Multiple buffer overflows in htpasswd, as used
privileges
|
overflows
|
possibly
|
products
|
Multiple
|
htpasswd
|
Apache
|
thttpd
|
buffer
|
might
|
users
|
local
|
allow
|
other
|
gain
|
used
|
Acme
|
such
|
225b
|
via
|
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
htpasswd, as used in Acme thttpd 2.25b and poss
metacharacters
|
privileges
|
possibly
|
argument
|
products
|
function
|
htpasswd
|
command
|
thttpd
|
Apache
|
system
|
which
|
shell
|
users
|
allow
|
might
|
other
|
local
|
225b
|
used
|
Acme
|
call
|
gain
|
such
|
line
|
via
|
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
PHP remote file inclusion vulnerability in incl
includes/configphp
|
vulnerability
|
WebCalendar
|
inclusion
|
remote
|
file
|
PHP
|
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.
The command line interface (CLI) in Cisco Unifi
interface
|
command
|
line
|
The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.
Software vulnerabilities results 1 to 17 of 17
Page:
1