see software vulnerabilities
vulnerabilities.aspcode.net
Searching see software vulnerabilities
The WCCP message parsing code in Squid 2.5.STAB
25STABLE7
|
attackers
|
service
|
earlier
|
parsing
|
message
|
remote
|
denial
|
allows
|
Squid
|
cause
|
WCCP
|
code
|
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3,
distributions
|
privileges
|
possibly
|
entering
|
password
|
DISPUTED
|
hitting
|
allows
|
CTRL-C
|
blank
|
using
|
168p7
|
other
|
Linux
|
users
|
local
|
Sudo
|
SuSE
|
gain
|
call
|
then
|
** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty."
The admin interface in eZ publish 3.5 before 3.
interface
|
publish
|
before
|
admin
|
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before Thursday, November 10, 2005 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".
Unspecified vulnerability in BEA WebLogic Porta
vulnerability
|
Unspecified
|
retrieved
|
WebLogic
|
JSR-168
|
Portlet
|
session
|
another
|
Portal
|
causes
|
which
|
allow
|
might
|
cache
|
wrong
|
user
|
see
|
SP5
|
BEA
|
one
|
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
** DISPUTED ** Multiple SQL injection vulnerab
vulnerabilities
|
userscriptphp
|
arbitrary
|
injection
|
attackers
|
Multiple
|
commands
|
DISPUTED
|
earlier
|
execute
|
remote
|
Minute
|
Green
|
allow
|
via
|
SQL
|
** DISPUTED ** Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying "those parameters mentioned ARE checked (preg_match) before they are used in SQL-query... If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because _nothing_ was passed inside that parameter (to MySQL-database)." As allowed by the vendor, CVE investigated this report on Thursday, May 25, 2006 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations.
The ip6_savecontrol function in NetBSD 2.0 thro
ip6_savecontrol
|
configurations
|
IPv4-mapped
|
processing
|
function
|
sockets
|
options
|
service
|
through
|
certain
|
before
|
allows
|
NetBSD
|
denial
|
socket
|
users
|
cause
|
which
|
local
|
under
|
check
|
being
|
does
|
IPv6
|
used
|
see
|
not
|
The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket.
PHP remote file inclusion vulnerability in owim
vulnerability
|
See-Commerce
|
owimgphp3
|
inclusion
|
remote
|
file
|
PHP
|
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
Unspecified vulnerability in Jelsoft vBulletin
vulnerability
|
Unspecified
|
vBulletin
|
Jelsoft
|
before
|
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
Unspecified vulnerability in the FTP implementa
implementation
|
CVE-2007-0217
|
vulnerability
|
Unspecified
|
attackers
|
different
|
Microsoft
|
Internet
|
address"
|
Explorer
|
vectors
|
memory
|
remote
|
allows
|
valid
|
issue
|
than
|
"see
|
FTP
|
via
|
Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.
** DISPUTED ** Mozilla Firefox 2.0.0.4 allows
DISPUTED
|
Firefox
|
Mozilla
|
** DISPUTED ** Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition."
Software vulnerabilities results 1 to 11 of 11
Page:
1