viewing software vulnerabilities
vulnerabilities.aspcode.net
Searching viewing software vulnerabilities
KMail in KDE 1.0 provides a PGP passphrase as a
information
|
passphrase
|
compromise
|
arguments
|
argument
|
programs
|
provides
|
process
|
command
|
viewing
|
obtain
|
local
|
users
|
other
|
KMail
|
which
|
allow
|
could
|
list
|
such
|
line
|
keys
|
KDE
|
via
|
PGP
|
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
Internet Software Solutions Air Messenger LAN S
Solutions
|
Messenger
|
Internet
|
Software
|
Server
|
LAN
|
Air
|
Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header.
Bugzilla before 2.14 does not properly restrict
Bugzilla
|
before
|
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
The System Request menu in IBM AS/400 allows lo
accounts
|
viewing
|
Request
|
allows
|
object
|
System
|
USRPRF
|
AS/400
|
valid
|
local
|
users
|
names
|
type
|
menu
|
list
|
user
|
IBM
|
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
The admin.html file in MySimple News 1.0 stores
administrative
|
unauthorized
|
adminhtml
|
plaintext
|
attackers
|
password
|
MySimple
|
viewing
|
remote
|
source
|
allows
|
server
|
stores
|
access
|
which
|
News
|
file
|
gain
|
web
|
its
|
The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html.
Buffer overflow in the log viewing interface in
Perception
|
interface
|
LiteServe
|
overflow
|
viewing
|
Buffer
|
log
|
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
Bugzilla 2.17.1 through 2.18rc2 and 2.19 from c
Bugzilla
|
Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails.
** DISPUTED ** Dragonfly Commerce allows remot
x_DragonflyCartProductPrice
|
modifying
|
attackers
|
Dragonfly
|
DISPUTED
|
Commerce
|
product
|
hidden
|
remote
|
allows
|
change
|
field
|
price
|
** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem.
Cross-site scripting (XSS) vulnerability in the
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
Unspecified vulnerability in MailEnable Enterpr
vulnerability
|
Unspecified
|
Enterprise
|
MailEnable
|
attackers
|
service
|
Edition
|
denial
|
allows
|
before
|
remote
|
cause
|
Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail.
CGI::Session 4.03-1 does not set proper permiss
CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files.
stopWebLogic.sh in BEA WebLogic Server 8.1 befo
stopWebLogicsh
|
administrator
|
displays
|
executed
|
password
|
WebLogic
|
display
|
viewing
|
Service
|
obtain
|
allows
|
Server
|
before
|
stdout
|
users
|
which
|
local
|
Pack
|
BEA
|
stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.
The updateuser servlet in Neon WebMail for Java
updateuser
|
WebMail
|
servlet
|
before
|
Java
|
Neon
|
The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users.
The "Feed Preview" feature in Mozilla Firefox 2
Preview"
|
Mozilla
|
Firefox
|
feature
|
before
|
"Feed
|
The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits.
MailEnable Professional before 1.78 provides a
Professional
|
MailEnable
|
before
|
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
Cross-site scripting (XSS) vulnerability in the
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
Webbler CMS before 3.1.6 provides the full inst
Webbler
|
before
|
CMS
|
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php.
Software vulnerabilities results 1 to 18 of 18
Page:
1