top level software vulnerabilities
vulnerabilities.aspcode.net
Searching top level software vulnerabilities
Konqueror in KDE 3.2.3 and earlier allows web s
Konqueror
|
KDE
|
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Internet Explorer 6.0 allows web sites to set c
country-specific
|
top-level
|
attackers
|
Internet
|
fixation
|
Explorer
|
domains
|
perform
|
session
|
cookies
|
user's
|
remote
|
hijack
|
allows
|
attack
|
allow
|
plcuk
|
ltduk
|
sites
|
could
|
which
|
schuk
|
HTTP
|
such
|
web
|
set
|
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Mozilla Firefox 0.9.2 allows web sites to set c
Firefox
|
Mozilla
|
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Unspecified vulnerability in System Communicati
Communications
|
Administrator
|
vulnerability
|
Unspecified
|
Messaging
|
attackers
|
Top-Level
|
Delegated
|
Services
|
allows
|
obtain
|
remote
|
2005Q1
|
System
|
Server
|
Java
|
Sun
|
Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif.
Six Apart Movable Type 3.16 allows local users
Movable
|
Apart
|
Type
|
Six
|
Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can be used in conjunction with CVE-2005-3102 to create or overwrite arbitrary files of all types.
Unspecified vulnerability in Sun Java System Ac
authentication
|
administrator
|
vulnerability
|
Unspecified
|
privileges
|
top-level
|
amadmin
|
Manager
|
"root"
|
bypass
|
logged
|
Access
|
System
|
allows
|
users
|
local
|
tool
|
Java
|
gain
|
CLI
|
via
|
Sun
|
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
CodeMunkyX (aka free-php.net) Simple Poll 1.0,
CodeMunkyX
|
CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application.
Mozilla Firefox before 1.5.0.5, Thunderbird bef
Firefox
|
Mozilla
|
before
|
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.
Cross-site scripting (XSS) vulnerability in Sha
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already covered by CVE-2006-1349; and the term parameter in a search action is already covered by CVE-2006-1806.
SQL injection vulnerability in Shalwan MusicBox
vulnerability
|
injection
|
MusicBox
|
Shalwan
|
SQL
|
SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360.
Moodle before 1.6.2, when the configuration lac
before
|
Moodle
|
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
Check Point FireWall-1 allows remote attackers
certificate
|
FireWall-1
|
revocation
|
attackers
|
obtain
|
allows
|
remote
|
lists
|
Check
|
Point
|
Check Point FireWall-1 allows remote attackers to obtain certificate revocation lists (CRLs) and other unspecified sensitive information via an HTTP request for the top-level URI on the internal certificate authority (ICA) port (18264/tcp).
Cross-site scripting (XSS) vulnerability in php
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
Cross-site scripting (XSS) vulnerability in Qui
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-Saturday, June 24, 2006 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI.
Multiple directory traversal vulnerabilities in
vulnerabilities
|
arbitrary
|
attackers
|
directory
|
traversal
|
Multiple
|
LoveCMS
|
remote
|
files
|
allow
|
read
|
via
|
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
Cross-site scripting (XSS) vulnerability in Lov
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.
Multiple directory traversal vulnerabilities in
vulnerabilities
|
Pyrophobia
|
traversal
|
directory
|
Multiple
|
Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI, or the (3) action parameter to admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Cross-site scripting (XSS) vulnerability in the
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
SQL injection vulnerability in Rigter Portal Sy
vulnerability
|
injection
|
Portal
|
System
|
Rigter
|
SQL
|
SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.
SQL injection vulnerability in EfesTECH Haber 5
vulnerability
|
arbitrary
|
attackers
|
parameter
|
top-level
|
injection
|
EfesTECH
|
commands
|
execute
|
allows
|
remote
|
Haber
|
URI
|
SQL
|
via
|
SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI.
Software vulnerabilities results 1 to 20 of 117
Page:
1
2
3
4
5
6
►