rights software vulnerabilities
vulnerabilities.aspcode.net
Searching rights software vulnerabilities
A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking.
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password.
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.
Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities.
Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights.
Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled.
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.
Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php.
Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."
The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow.
admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable.
Software vulnerabilities results 1 to 20 of 23