sanitize software vulnerabilities
vulnerabilities.aspcode.net
Searching sanitize software vulnerabilities
loadmodule in SunOS 4.1.x, as used by xnews, do
vulnerability
|
CVE-1999-1584
|
environment
|
privileges
|
loadmodule
|
different
|
sanitize
|
properly
|
allows
|
local
|
SunOS
|
users
|
xnews
|
which
|
does
|
gain
|
used
|
than
|
41x
|
its
|
not
|
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
rsync before 2.6.1 does not properly sanitize p
before
|
rsync
|
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
Directory traversal vulnerability in the saniti
vulnerability
|
sanitize_path
|
Directory
|
traversal
|
function
|
rsync
|
utilc
|
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
Enscript 1.6.3 does not sanitize filenames, whi
Enscript
|
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
zgrep in gzip before 1.3.5 does not properly sa
before
|
zgrep
|
gzip
|
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
OpenText FirstClass 8.0 client does not properl
ShellExecute
|
FirstClass
|
attackers
|
arbitrary
|
OpenText
|
bookmark
|
commands
|
sanitize
|
properly
|
Windows
|
execute
|
strings
|
passing
|
remote
|
client
|
allows
|
before
|
which
|
does
|
path
|
them
|
API
|
UNC
|
not
|
via
|
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.
Horde IMP 4.0.4 and earlier does not sanitize s
Horde
|
IMP
|
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
Interpretation conflict in includes/mainfile.ph
includes/mainfilephp
|
Interpretation
|
cross-site
|
scripting
|
attackers
|
conflict
|
PHP-Nuke
|
perform
|
allows
|
remote
|
later
|
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
http_protocol.c in (1) IBM HTTP Server 6.0 befo
http_protocolc
|
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
** DISPUTED ** ld.so in FreeBSD, NetBSD, and p
distributions
|
environment
|
privileges
|
variables
|
processes
|
DISPUTED
|
possibly
|
certain
|
harmful
|
loading
|
passing
|
FreeBSD
|
allows
|
NetBSD
|
remove
|
users
|
other
|
local
|
which
|
does
|
ldso
|
gain
|
not
|
BSD
|
** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_S
ext/filter
|
PHP
|
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.
The _sanitize_globals function in CodeIgniter 1
_sanitize_globals
|
CodeIgniter
|
function
|
The _sanitize_globals function in CodeIgniter 1.5.3 before Thursday, June 28, 2007 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.
Multiple unspecified vulnerabilities in Intersp
vulnerabilities
|
ArticleLive
|
unspecified
|
Interspire
|
Multiple
|
before
|
Multiple unspecified vulnerabilities in Interspire ArticleLive NX before 1.7.1.2 have unknown impact and attack vectors, possibly related to (1) AL_SANITIZE and (2) "Calling the constructor to make sure things are checked, safe mode, etc."
Software vulnerabilities results 1 to 15 of 15
Page:
1