type software vulnerabilities
vulnerabilities.aspcode.net
Searching type software vulnerabilities
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type.
Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory.
Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions.
The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root.
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
** DISPUTED ** PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of Friday, September 01, 2006, CVE analysis concurs with the dispute.
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.
Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension such as .php.
Software vulnerabilities results 1 to 20 of 287