results software vulnerabilities
vulnerabilities.aspcode.net
Searching results software vulnerabilities
Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.
CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.
Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function.
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results.
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.
Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.
Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user.
The LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite.
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
Usermin before 1.220 (Thursday, June 29, 2006) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception.
The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits.
lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
Software vulnerabilities results 1 to 20 of 117