success software vulnerabilities
vulnerabilities.aspcode.net
Searching success software vulnerabilities
A Windows NT system's user audit policy does no
Management
|
Shutdown
|
Tracking
|
Security
|
system's
|
success
|
failure
|
Changes
|
Restart
|
Process
|
Windows
|
Access
|
Rights
|
policy
|
Object
|
System
|
Logoff
|
audit
|
event
|
Logon
|
Group
|
does
|
File
|
user
|
not
|
Use
|
log
|
A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking.
A Windows NT system's file audit policy does no
non-critical
|
directories
|
system's
|
failure
|
Windows
|
success
|
policy
|
audit
|
event
|
files
|
file
|
does
|
not
|
log
|
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
A Windows NT system's registry audit policy doe
security-critical
|
registry
|
system's
|
failure
|
success
|
Windows
|
policy
|
event
|
audit
|
does
|
keys
|
not
|
log
|
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
A Windows NT system's registry audit policy doe
non-critical
|
registry
|
system's
|
failure
|
success
|
Windows
|
policy
|
event
|
audit
|
does
|
keys
|
not
|
log
|
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
The php_check_safe_mode_include_dir function in
php_check_safe_mode_include_dir
|
fopen_wrappersc
|
function
|
success
|
returns
|
value
|
PHP
|
43x
|
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
ldbm_back_exop_passwd in the back-ldbm backend
ldbm_back_exop_passwd
|
back-ldbm
|
OpenLDAP
|
passwdc
|
backend
|
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
The file server in ActivePost Standard 3.1 and
authenticated
|
information
|
ActivePost
|
sensitive
|
uploading
|
Standard
|
success
|
message
|
reveals
|
earlier
|
allows
|
server
|
obtain
|
remote
|
users
|
which
|
file
|
path
|
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message.
packet.c in ssh in OpenSSH allows remote attack
attackers
|
OpenSSH
|
packetc
|
service
|
denial
|
allows
|
remote
|
cause
|
ssh
|
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
pam_ldap in nss_ldap on Red Hat Enterprise Linu
PasswordPolicyResponse
|
pam_authenticate
|
authentication
|
distributions
|
xscreensaver
|
originally
|
Enterprise
|
condition
|
directory
|
responds
|
function
|
response
|
nss_ldap
|
possibly
|
pam_ldap
|
reported
|
control
|
success
|
earlier
|
causes
|
return
|
failed
|
Fedora
|
server
|
Linux
|
other
|
error
|
which
|
even
|
does
|
LDAP
|
Core
|
code
|
Hat
|
Red
|
has
|
not
|
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
The NFS client implementation in the kernel in
implementation
|
Enterprise
|
kernel
|
client
|
Linux
|
NFS
|
Red
|
Hat
|
The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.
user.php in the Billing Control Panel in phpCou
custom=upgrade
|
status=success
|
authenticated
|
transactions
|
substrings
|
containing
|
parameter
|
phpCoupon
|
possibly
|
modified
|
REQ=auth
|
related
|
coupons
|
certain
|
acquire
|
Billing
|
Premium
|
Control
|
userphp
|
remote
|
allows
|
obtain
|
Member
|
PayPal
|
status
|
Panel
|
users
|
free
|
via
|
URL
|
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages.
Software vulnerabilities results 1 to 15 of 15
Page:
1