specified software vulnerabilities
vulnerabilities.aspcode.net
Searching specified software vulnerabilities
Internet Explorer 4.01 allows remote attackers
Explorer
|
Internet
|
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
useradd in Solaris 7.0 does not properly interp
interpret
|
specified
|
properly
|
certain
|
useradd
|
formats
|
Solaris
|
does
|
"-e"
|
date
|
not
|
useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.
Operating systems with shared memory implementa
implementations
|
Operating
|
conduct
|
systems
|
service
|
bypass
|
limits
|
shared
|
memory
|
denial
|
based
|
allow
|
code
|
user
|
BSD
|
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.
LPPlus creates the lpdprocess file with world-w
world-writeable
|
permissions
|
dcclpdshut
|
specifying
|
lpdprocess
|
processes
|
arbitrary
|
alternate
|
specified
|
creates
|
program
|
process
|
allows
|
LPPlus
|
setuid
|
using
|
which
|
local
|
users
|
file
|
kill
|
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.
The dccscan setuid program in LPPlus does not p
permissions
|
specified
|
arbitrary
|
properly
|
program
|
dccscan
|
setuid
|
allows
|
LPPlus
|
which
|
print
|
files
|
users
|
local
|
check
|
does
|
user
|
file
|
not
|
has
|
The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.
dump in Red Hat Linux 6.2 trusts the pathname s
environmental
|
privileges
|
specified
|
modifying
|
variable
|
pathname
|
program
|
allows
|
trusts
|
obtain
|
Trojan
|
point
|
horse
|
users
|
which
|
Linux
|
local
|
dump
|
root
|
Red
|
RSH
|
Hat
|
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
restore 0.4b15 and earlier in Red Hat Linux 6.2
environmental
|
privileges
|
modifying
|
specified
|
pathname
|
variable
|
restore
|
earlier
|
program
|
allows
|
obtain
|
trusts
|
Trojan
|
04b15
|
horse
|
point
|
which
|
Linux
|
local
|
users
|
root
|
Hat
|
Red
|
RSH
|
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
The License Manager (mathlm) for Mathematica 4.
Manager
|
License
|
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license.
Buffer overflow in Progress database 8.3D and 9
specified
|
arbitrary
|
overflow
|
database
|
Progress
|
entries
|
execute
|
Buffer
|
allows
|
files
|
local
|
users
|
long
|
code
|
83D
|
91C
|
via
|
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
iptables-save in iptables before 1.2.4 records
iptables-save
|
iptables
|
before
|
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
iptables before 1.2.4 does not accurately conve
iptables
|
before
|
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.
The Load method in the Chart component of Offic
Components
|
component
|
Office
|
method
|
Chart
|
Load
|
Web
|
The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.
The processor_web plugin for ModLogAn 0.5.0 thr
processor_web
|
ModLogAn
|
plugin
|
The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file.
Joe Testa hellbent 01 webserver allows attacker
hellbentprefs
|
demonstrated
|
attackers
|
specified
|
webserver
|
hellbent
|
creating
|
similar
|
allows
|
Testa
|
files
|
using
|
root
|
name
|
read
|
file
|
web
|
Joe
|
Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow.
gPS before 1.1.0 does not properly follow the r
before
|
gPS
|
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.
cdrecord in the cdrtools package before 2.01, w
cdrtools
|
cdrecord
|
package
|
before
|
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
Unknown vulnerability in Apache 2.0.51 prevents
vulnerability
|
Unknown
|
Apache
|
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
stmkfont in HP-UX B.11.00 through B.11.23 relie
user-specified
|
environment
|
arbitrary
|
executing
|
malicious
|
modifying
|
commands
|
variable
|
programs
|
stmkfont
|
execute
|
through
|
certain
|
relies
|
allows
|
point
|
B1123
|
B1100
|
HP-UX
|
which
|
users
|
local
|
PATH
|
code
|
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.
SalesLogix 6.1 uses client-specified pathnames
client-specified
|
authenticated
|
SalesLogix
|
arbitrary
|
pathnames
|
certain
|
execute
|
writing
|
remote
|
create
|
users
|
which
|
files
|
allow
|
might
|
code
|
uses
|
via
|
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
Integer overflow in AnywhereUSB/5 1.80.00 allow
AnywhereUSB/5
|
overflow
|
Integer
|
Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor.
Software vulnerabilities results 1 to 20 of 92
Page:
1
2
3
4
5
►