stored software vulnerabilities
vulnerabilities.aspcode.net
Searching stored software vulnerabilities
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
FTPPro allows local users to read sensitive information, which is stored in plain text.
The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers.
Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and earlier allows remote attackers to execute arbitrary stored procedures via the Email variable.
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.
The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in plaintext.
Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke.
Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory.
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users to trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php.
Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php.
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.
Software vulnerabilities results 1 to 20 of 94