running software vulnerabilities
vulnerabilities.aspcode.net
Searching running software vulnerabilities
** DISPUTED ** PHP treats unknown methods such
restrictions
|
demonstrated
|
attackers
|
directive
|
DISPUTED
|
intended
|
running
|
unknown
|
request
|
methods
|
Apache
|
treats
|
server
|
passes
|
access
|
"PoSt"
|
httpd
|
allow
|
Limit
|
using
|
which
|
could
|
such
|
all
|
GET
|
PHP
|
** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
** DISPUTED ** NOTE: this issue has been dispu
DISPUTED
|
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."
Agnitum Outpost Firewall Pro 3.51.759.6511 (462
Firewall
|
Outpost
|
Agnitum
|
Pro
|
Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.
Argument injection vulnerability in Microsoft I
metacharacters
|
vulnerability
|
cross-browser
|
registered
|
arbitrary
|
Microsoft
|
attackers
|
scripting
|
injection
|
installed
|
Internet
|
commands
|
Explorer
|
Argument
|
execute
|
attacks
|
conduct
|
Firefox
|
certain
|
running
|
systems
|
allows
|
remote
|
shell
|
URIs
|
via
|
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of Wednesday, July 11, 2007, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
Argument injection vulnerability in Microsoft I
metacharacters
|
CVE-2007-3670
|
vulnerability
|
cross-browser
|
navigatorurl
|
netscapeexe
|
registered
|
attackers
|
injection
|
installed
|
arbitrary
|
Microsoft
|
scripting
|
inserted
|
commands
|
Netscape
|
Explorer
|
invoking
|
Argument
|
Internet
|
-chrome
|
command
|
created
|
related
|
certain
|
conduct
|
systems
|
attacks
|
running
|
execute
|
allows
|
remote
|
shell
|
issue
|
which
|
URIs
|
into
|
line
|
via
|
URI
|
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of Friday, July 13, 2007, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
Cisco Adaptive Security Appliance (ASA) running
Appliance
|
Security
|
Adaptive
|
Cisco
|
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
Argument injection vulnerability in Apple Quick
vulnerability
|
QuickTime
|
injection
|
Argument
|
Apple
|
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.
Software vulnerabilities results 501 to 508 of 508
Page:
◄
1
...
23
24
25
26