removing software vulnerabilities
vulnerabilities.aspcode.net
Searching removing software vulnerabilities
guestbook.pl cleanses user-inserted SSI command
user-inserted
|
guestbookpl
|
separators
|
arbitrary
|
attackers
|
cleanses
|
commands
|
removing
|
execute
|
between
|
allows
|
remote
|
Apache
|
"<--"
|
"-->"
|
which
|
text
|
SSI
|
run
|
guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
"Multiple Users" Control Panel in Mac OS 9 allo
effectively
|
privileges
|
"Multiple
|
password
|
removing
|
without
|
Control
|
account
|
removes
|
Groups
|
Users"
|
Normal
|
allows
|
which
|
Owner
|
users
|
Panel
|
user
|
gain
|
Data
|
File
|
Mac
|
log
|
"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.
Stack-based buffer overflow in PWIWrapper.dll f
DeviceIoControl
|
PWIWrapperdll
|
Stack-based
|
130build52
|
arbitrary
|
Firewall
|
overflow
|
removing
|
sending
|
program
|
crafted
|
allowed
|
command
|
Webroot
|
Desktop
|
execute
|
before
|
buffer
|
allows
|
SYSTEM
|
users
|
local
|
list
|
code
|
then
|
Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list.
eFiction 1.0, 1.1, and 2.0, in unspecified envi
environments
|
unauthorized
|
unspecified
|
operations
|
attackers
|
accessing
|
eFiction
|
directly
|
conduct
|
remote
|
might
|
allow
|
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used.
The kernel in Red Hat Enterprise Linux 3, when
Enterprise
|
running
|
systems
|
service
|
kernel
|
denial
|
allows
|
users
|
local
|
Linux
|
cause
|
Red
|
Hat
|
SMP
|
The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.
Unrestricted file upload vulnerability in add.a
vulnerability
|
Unrestricted
|
client-side
|
attackers
|
arbitrary
|
security
|
removing
|
possibly
|
OzzyWork
|
execute
|
Gallery
|
earlier
|
checks
|
allows
|
addasp
|
upload
|
remote
|
files
|
file
|
ASP
|
Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.
Mathcad 12 through 13.1 allows local users to b
through
|
Mathcad
|
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
Macrovision InstallAnywhere Enterprise before 8
InstallAnywhere
|
Macrovision
|
Enterprise
|
before
|
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
Cross-site scripting (XSS) vulnerability in the
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before Thursday, July 12, 2007 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations.
Software vulnerabilities results 1 to 10 of 10
Page:
1