restrictive software vulnerabilities
vulnerabilities.aspcode.net
Searching restrictive software vulnerabilities
By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scripts with less restrictive privileges via a help:// URI.
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator.
** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.
** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.
WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. NOTE: this report is based on a vendor bug report that identified "incorrect permissions." However, the vendor did not label it a security issue, and there was no statement regarding whether or not the permissions were actually more permissive than intended. If in fact the permissions were more restrictive than intended, then this would be a functional problem but not a vulnerability.
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php).
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
Software vulnerabilities results 1 to 18 of 18