safe software vulnerabilities
vulnerabilities.aspcode.net
Searching safe software vulnerabilities
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords.
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port.
Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) an e-mail message subject or (2) JavaScript in "safe" tags.
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive.
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.
The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files.
WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods.
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute JavaScript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
Software vulnerabilities results 1 to 20 of 88