tasks software vulnerabilities
vulnerabilities.aspcode.net
Searching tasks software vulnerabilities
The xp_runwebtask stored procedure in the Web T
xp_runwebtask
|
Microsoft
|
component
|
procedure
|
stored
|
Server
|
Tasks
|
Web
|
SQL
|
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
** DISPUTED ** Multiple PHP remote file include
vulnerabilities
|
dotProject
|
DISPUTED
|
Multiple
|
include
|
remote
|
file
|
PHP
|
** DISPUTED ** Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product.
Linux kernel 2.6.16-rc2 and earlier, when runni
preemption
|
2616-rc2
|
systems
|
service
|
enabled
|
earlier
|
running
|
allows
|
denial
|
x86_64
|
kernel
|
cause
|
Linux
|
local
|
users
|
Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call.
The installation of SQLAnywhere in Symantec Gho
installation
|
SQLAnywhere
|
Solutions
|
Symantec
|
Suite
|
Ghost
|
used
|
The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks.
Race condition in Linux kernel 2.6.15 to 2.6.17
condition
|
kernel
|
Linux
|
Race
|
Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h.
Multiple unspecified cross-site scripting (XSS)
unspecified
|
cross-site
|
scripting
|
Multiple
|
Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) "Pages that display task status, email addresses, URL, customer, and project information."
Unspecified vulnerability in com_content in Joo
vulnerability
|
com_content
|
Unspecified
|
before
|
Joomla
|
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
Multiple SQL injection vulnerabilities in the G
vulnerabilities
|
injection
|
loginphp
|
Multiple
|
Gadget
|
Google
|
SQL
|
Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters.
The Login Window in Apple Mac OS X 10.4 through
Window
|
Apple
|
Login
|
Mac
|
The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls.
PHP remote file inclusion vulnerability in task
tasks/send_queued_emailsphp
|
register_globals
|
vulnerability
|
NuclearBB
|
parameter
|
attackers
|
arbitrary
|
inclusion
|
root_path
|
execute
|
enabled
|
remote
|
allows
|
Alpha
|
code
|
file
|
PHP
|
via
|
URL
|
PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
Sun Java System Access Manager 7.1, when instal
administrative
|
authentication
|
Application
|
container
|
attackers
|
installed
|
restart
|
perform
|
Manager
|
remote
|
allows
|
demand
|
Access
|
Server
|
System
|
tasks
|
after
|
which
|
Java
|
does
|
Sun
|
not
|
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.
Software vulnerabilities results 1 to 12 of 12
Page:
1