Searching sets software vulnerabilities

Vulnerability in Desktop searchbook program in

Vulnerability | permissions | searchbook | insecure | through | certain | program | Desktop | files | user | IRIX | sets | 50x |

Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 sets insecure permissions for certain user files (iconbook and searchbook).


Solaris Solstice AdminSuite (AdminSuite) 2.1 in

AdminSuite | Solstice | Solaris |

Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.


Joe's Own Editor (joe) 2.8 sets the world-reada

Editor | Joe's | Own |

Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.


WircSrv IRC Server 5.07s allows IRC operators t

importmotd | operators | arbitrary | command | WircSrv | Message | allows | Server | which | files | 507s | sets | read | Day | IRC | via |

WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files via the importmotd command, which sets the Message of the Day (MOTD) to the specified file.


The default configuration of McAfee VirusScan 4

configuration | "commonexe" | improperly | ImagePath | VirusScan | variable | program | default | search | allows | Trojan | McAfee | place | users | horse | quote | which | local | does | sets | path | not |

The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.


StarOffice 5.2 follows symlinks and sets world-

/tmp/sofficetmp | world-readable | permissions | StarOffice | directory | symlinks | follows | allows | local | files | which | using | read | sets | user |

StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.


Phorum 3.0.7 allows remote attackers to change

Phorum |

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.


common.inc.php in phpWebLog 0.4.2 does not prop

commonincphp | phpWebLog |

common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.


PHP-Nuke 5.2 allows remote attackers to copy an

casefilemanagerphp | attackers | arbitrary | $PHP_SELF | variable | argument | adminphp | PHP-Nuke | calling | instead | allows | called | appear | remote | delete | files | being | which | makes | user | sets | copy |

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.


CCCSoftware CCC PHP script allows remote attack

CCCSoftware | includedir | attackers | arbitrary | variable | include | request | allows | remote | script | sites | files | HTTP | sets | CCC | PHP | web | via |

CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.


Dark Hart Portal (darkportal) PHP script allows

Portal | Hart | Dark |

Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.


Empris PHP script allows remote attackers to in

includedir | arbitrary | attackers | variable | include | request | script | Empris | remote | allows | sites | files | sets | HTTP | PHP | via | web |

Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.


Webodex PHP script 1.0 and earlier allows remot

includedir | attackers | arbitrary | variable | earlier | request | Webodex | include | allows | remote | script | sites | files | HTTP | sets | PHP | web | via |

Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.


Internet Explorer 5.0 through 6.0 allows remote

references | attackers | determine | existence | Internet | property | elements | Explorer | certain | through | target | dynsrc | object | allows | remote | client | which | image | files | sets | size | such | file | via | IMG | tag |

Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.


PF in OpenBSD 3.0 with the return-rst rule sets

return-rst | OpenBSD | sets | rule | TTL |

PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.


IPFilter 3.4.25 and earlier sets a different TT

IPFilter |

IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.


Mozilla before 1.7 allows remote web servers to

type="file"> | Javascript | arbitrary | servers | Mozilla | allows | before | | remote | value | files | read | sets | tag | web | via |

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag.


ADP Elite System Max 9000 allows remote authent

System | Elite | Max | ADP |

ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory.


templates.admin.users.user_form_processing in B

templatesadminusersuser_form_processing | Reporter | before | Blue | Coat |

templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.


The post-installation script for ntlmaps before

post-installation | ntlmaps | before | script |

The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password.


Software vulnerabilities results 1 to 20 of 88     
Page: 12345