Searching visiting software vulnerabilities


TeeKai Forum 1.2 uses weak encryption of web us


TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IPs visiting the site by dividing each octet by the MD5 hash of '20'.


TeeKai Tracking Online 1.0 uses weak encryption


TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IPs visiting the site by dividing each octet by the MD5 hash of '20'.


Cross-site scripting (XSS) vulnerability in Ink


Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.


FreeScripts VisitorBook LE (visitorbook.pl) log


FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.


siteminderagent/SmMakeCookie.ccc in Netegrity S


siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.


Mantis before 20041016 provides a complete Issu


Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.


Simpliciti Locked Browser does not properly lim


Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.


Mozilla Firefox before 1.5.0.7 and Thunderbird


Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 make it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.


CRLF injection vulnerability in Utils.py in Mai


CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via carriage return/line feed sequences in the URI.

