supplied software vulnerabilities
vulnerabilities.aspcode.net
Searching supplied software vulnerabilities
The log files in Apache web server contain info
information
|
characters
|
addresses
|
attackers
|
directly
|
requests
|
supplied
|
programs
|
control
|
clients
|
contain
|
viewed
|
remote
|
Apache
|
source
|
server
|
filter
|
spoof
|
allow
|
quote
|
files
|
could
|
which
|
logs
|
such
|
UNIX
|
tail
|
HTTP
|
hide
|
does
|
grep
|
cat
|
not
|
web
|
log
|
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
VPN Server module in Linksys EtherFast BEFVP41
EtherFast
|
Cable/DSL
|
BEFVP41
|
Linksys
|
before
|
Router
|
Server
|
module
|
VPN
|
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
The design of the Internet Key Exchange (IKE) p
Exchange
|
Internet
|
design
|
Key
|
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier
UniVerse
|
uvadmsh
|
IBM
|
uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.
KisMAC before 0.05d trusts user-supplied variab
user-supplied
|
$DRIVER_KEXT
|
environment
|
privileges
|
arbitrary
|
variables
|
variable
|
modules
|
kernels
|
allows
|
KisMAC
|
trusts
|
kernel
|
before
|
users
|
which
|
local
|
used
|
005d
|
load
|
gain
|
via
|
KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh.
KisMAC before 0.05d trusts user-supplied variab
user-supplied
|
$DRIVER_KEXT
|
environment
|
directories
|
privileges
|
chown'ing
|
variables
|
variable
|
allows
|
KisMAC
|
trusts
|
before
|
users
|
which
|
local
|
files
|
gain
|
005d
|
via
|
KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh.
** DISPUTED ** NOTE: this issue has been dispu
DISPUTED
|
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."
The triggers in Oracle 9i and 10g allow local u
privileged
|
privileges
|
partially
|
triggers
|
sequence
|
Oracle
|
using
|
local
|
allow
|
users
|
gain
|
10g
|
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
qpopper 4.0.5 and earlier does not properly dro
qpopper
|
qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root.
SQL injection vulnerability in the user profile
vulnerability
|
profilephp
|
injection
|
profile
|
module
|
PunBB
|
user
|
edit
|
SQL
|
SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped.
Eval injection vulnerability in bvh_import.py i
vulnerability
|
bvh_importpy
|
injection
|
Blender
|
Eval
|
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
** DISPUTED ** Kwik-Pay Payroll 4.2.20, and po
Kwik-Pay
|
DISPUTED
|
Payroll
|
** DISPUTED ** Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this vulnerability, stating that "The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. When a user payroll database is opened, the encryption of the database is checked and if the database is not encrypted, the user is prompted to encrypt the database, but the choice is the customers."
Eval injection vulnerability in Template.php in
vulnerability
|
Templatephp
|
HAMweather
|
injection
|
Eval
|
Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function.
Multiple eval injection vulnerabilities in iGen
vulnerabilities
|
parameter
|
injection
|
attackers
|
arbitrary
|
supplied
|
Multiple
|
function
|
iGeneric
|
execute
|
action
|
remote
|
allow
|
which
|
eval
|
call
|
Shop
|
code
|
via
|
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.
Eval injection vulnerability in poll_frame.php
vulnerability
|
poll_framephp
|
CVE-2005-4632
|
arbitrary
|
parameter
|
attackers
|
injection
|
different
|
possibly
|
function
|
supplied
|
poll_id
|
execute
|
scripts
|
allows
|
remote
|
other
|
which
|
type
|
Vote
|
Eval
|
than
|
code
|
call
|
via
|
Pro
|
Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
Multiple eval injection vulnerabilities in Vote
vulnerabilities
|
CVE-2007-0504
|
unspecified
|
attackers
|
arbitrary
|
parameter
|
different
|
injection
|
supplied
|
requests
|
possibly
|
Multiple
|
function
|
vectors
|
poll_id
|
scripts
|
earlier
|
execute
|
remote
|
allow
|
calls
|
which
|
code
|
than
|
eval
|
Vote
|
set
|
Pro
|
via
|
PHP
|
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Visual truncation vulnerability in Windows Priv
vulnerability
|
truncation
|
Privacy
|
Windows
|
Visual
|
Tray
|
Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager allow remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied input" to (1) center.exe or (2) Index.exe.
Software vulnerabilities results 1 to 19 of 19
Page:
1