uris software vulnerabilities
vulnerabilities.aspcode.net
Searching uris software vulnerabilities
Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as usernames, passwords, emergency information, medical information, and system configuration.
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allow remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs.
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary JavaScript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name.
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers.
** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar."
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
Software vulnerabilities results 1 to 20 of 25