unsafe software vulnerabilities

Searching unsafe software vulnerabilities

Solaris Solstice AdminSuite (AdminSuite) 2.1 us

Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.

asecure as included with HP-UX 10.01 through 11

included | asecure | HP-UX |

asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.

Buffer overflow in (1) gv 3.5.8 and earlier, (2

overflow | Buffer |

Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.

Internet Explorer 5.01 SP3 through 6.0 SP1 does

Explorer | Internet |

Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.

The Sun Java Plugin capability in Java 2 Runtim

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code.

modes.c in smail 3.2.0.120 implements signal ha

modesc | smail |

modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc.

The Download Validation in Mail in Mac OS X 10.

Validation | Download | Mail | Mac |

The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.

LaunchServices in Apple Mac OS X 10.4.6 allows

LaunchServices | Apple | Mac |

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file.

vmware-config.pl in VMware for Linux, ESX Serve

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

The WZFILEVIEW.FileViewCtrl.61 ActiveX control

WZFILEVIEWFileViewCtrl61 | control | ActiveX |

The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."

Unspecified binaries in IBM DB2 8.x before 8.1

Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."

Kaspersky Anti-Virus 6.0 and Internet Security

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

Trac before 0.10.3.1 does not send a Content-Di

before | Trac |

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.

Apple QuickTime for Java 7.1.6 on Mac OS X and

QuickTime | Apple | Java |

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.

The IBM Lenovo Access Support acpRunner ActiveX

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.

Mozilla Firefox does not properly manage a dela

Mozilla Firefox does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, aka the "dialog refocus bug."

The Java interface to CoreAudio on Apple Mac OS

The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.

Software vulnerabilities results 1 to 18 of 18

Page: 1

unsafe software vulnerabilities

vulnerabilities.aspcode.net

Searching unsafe software vulnerabilities