Searching restrict software vulnerabilities


The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.


The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.


The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.


The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.


The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.


Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access.


Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application.


The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license.


Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.


The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.


User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code.


GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).


Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.


The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy.


APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share.


users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.


eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.


WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.


Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files.


Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.


Software vulnerabilities results 1 to 20 of 112     