Software vulnerabilities: search results for "types"


The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.


The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications exposed to overflow-related vulnerabilities.


Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite.


The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.


Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.


OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.


Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.


Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.


Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.


ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.


Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."


resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.


users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.


Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.


Exponent CMS 0.96.3 and later versions do not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files.


Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can be used in conjunction with CVE-2005-3102 to create or overwrite arbitrary files of all types.


Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before Thursday, September 22, 2005 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.


The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.


Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types.


Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators.


Software vulnerabilities results 1 to 20 of 48     