saved software vulnerabilities
vulnerabilities.aspcode.net
Searching saved software vulnerabilities
Outlook Express 6.0, with "Do not allow attachm
attachments
|
potentially
|
forwarded
|
arbitrary
|
attackers
|
messages
|
execute
|
enabled
|
Express
|
Outlook
|
remote
|
opened
|
virus"
|
allow
|
which
|
could
|
saved
|
block
|
email
|
code
|
does
|
not
|
"Do
|
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
Workgroup Manager in Apple Mac OS X Server 10.2
Workgroup
|
Manager
|
Server
|
Apple
|
Mac
|
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
Elm ME+ 2.4 before PL109S, when installed setgi
unspecified
|
privileges
|
installed
|
operating
|
support
|
vectors
|
certain
|
allows
|
PL109S
|
setgid
|
modify
|
system
|
before
|
group
|
files
|
users
|
POSIX
|
lacks
|
saved
|
local
|
mail
|
read
|
Elm
|
ME+
|
via
|
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.
Race condition in the can_open function in Elm
privileges
|
operating
|
installed
|
condition
|
can_open
|
function
|
certain
|
support
|
allows
|
modify
|
system
|
setgid
|
files
|
group
|
users
|
local
|
lacks
|
POSIX
|
saved
|
Race
|
mail
|
read
|
Elm
|
ME+
|
Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group.
HyperTerminal application for Windows NT 4.0, W
HyperTerminal
|
application
|
Windows
|
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
** DISPUTED ** Mozilla Firefox 1.5.0.1, and po
DISPUTED
|
Firefox
|
Mozilla
|
** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision."
** DISPUTED ** Zone Alarm Pro 1.0 through 5.1
%windir%\Internet
|
permissions
|
modifying
|
EVERYONE
|
DISPUTED
|
contents
|
service
|
through
|
allows
|
denial
|
folder
|
access
|
Logs\*
|
users
|
cause
|
gives
|
Alarm
|
group
|
local
|
which
|
Zone
|
full
|
Pro
|
** DISPUTED ** Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file.
D-Link DSL-504T allows remote attackers to bypa
authentication
|
configuration
|
firmwarecfg
|
privileges
|
attackers
|
DSL-504T
|
firmware
|
restart
|
restore
|
request
|
upgrade
|
bypass
|
direct
|
remote
|
D-Link
|
allows
|
router
|
saved
|
such
|
gain
|
via
|
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
The on-access scanner for McAfee Virex 7.7 for
circumstances
|
demonstrated
|
protection
|
malicious
|
Macintosh
|
on-access
|
attackers
|
accessed
|
activate
|
prevent
|
browser
|
content
|
scanner
|
remote
|
allows
|
McAfee
|
bypass
|
virus
|
might
|
EICAR
|
using
|
Virex
|
which
|
being
|
saved
|
test
|
some
|
file
|
web
|
not
|
The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file.
The configuration of NetHack 3.4.3-r1 and earli
configuration
|
Falcon's
|
Slash'EM
|
earlier
|
NetHack
|
343-r1
|
194a
|
Eye
|
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
Unspecified vulnerability in Microsoft Internet
vulnerability
|
Unspecified
|
Microsoft
|
Explorer
|
Internet
|
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
IBM Client Security Password Manager stores and
distributes
|
credentials
|
passwords
|
attackers
|
Password
|
username
|
Security
|
changing
|
Manager
|
website
|
remote
|
allows
|
Client
|
obtain
|
stores
|
based
|
saved
|
which
|
title
|
HTML
|
page
|
upon
|
IBM
|
IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.
Buffer overflow in the Advanced Search (Finder.
Advanced
|
overflow
|
Search
|
Buffer
|
Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
Cross-site scripting (XSS) vulnerability in Dev
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Unrestricted file upload vulnerability in sitex
vulnerability
|
verification
|
Unrestricted
|
attackers
|
arbitrary
|
extension
|
filename
|
double
|
avatar
|
upload
|
allows
|
remote
|
phpjpg
|
saved
|
sitex
|
fails
|
which
|
code
|
file
|
such
|
PHP
|
via
|
Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and pro
xmlrpc
|
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
Unspecified vulnerability in Apple Safari allow
vulnerability
|
information
|
Unspecified
|
sensitive
|
obtain
|
allows
|
Safari
|
Apple
|
local
|
users
|
Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.
Cross-site scripting (XSS) vulnerability in Mic
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
Software vulnerabilities results 1 to 20 of 28
Page:
1
2
►