restricted software vulnerabilities
vulnerabilities.aspcode.net
Searching restricted software vulnerabilities
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.
A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data.
Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them.
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.
Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.
Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions.
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.
Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure.
InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.
Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
Software vulnerabilities results 1 to 20 of 96