set software vulnerabilities
vulnerabilities.aspcode.net
Searching set software vulnerabilities
An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.
Cayman 3220-H DSL Router 1.0 ships without a password set, which allows remote attackers to gain unauthorized access.
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.
set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter.
Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.
The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error.
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all.
NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file.
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands.
The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
Software vulnerabilities results 1 to 20 of 406