Searching save software vulnerabilities


Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.


Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.


iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.


Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allow local users to gain "games" group privileges via malformed entries in a game save file.


An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.


Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allow remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.


Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message.


The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.


Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.


Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.


Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.


The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.


Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.


URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files.


The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file.


Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog.


save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.


** DISPUTED ** PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below."


A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename.


The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.


Software vulnerabilities results 1 to 20 of 60     