would software vulnerabilities
vulnerabilities.aspcode.net
Searching would software vulnerabilities
In IIS, an attacker could determine a real path
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
ping in iputils before 20001010, as distributed
ping in iputils before Tuesday, October 10, 2000, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
eEye SecureIIS versions 1.0.3 and earlier allow
eEye SecureIIS versions 1.0.3 and earlier allow a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
Foundry Networks ServerIron switches do not dec
Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
The shared memory scoreboard in the HTTP daemon
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
Buffer overflow in PFinger 0.7.8 client allows
Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability.
A design error in the IEEE1394 specification al
A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit.
Cross-site scripting (XSS) vulnerability in the
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.
mntd_mount.c in mntd before 0.4.2 might allow l
mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerability because there is not necessarily any common usage in which privilege boundaries are crossed. Typical usage would restrict write access to the configuration file.
setting.php in Innovative CMS (ICMS, formerly I
setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability.
verify.php in FlatNuke 2.5.6 allows remote auth
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.
** DISPUTED ** Directory traversal vulnerabilit
** DISPUTED ** Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root.
Directory traversal vulnerability in action.php
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability.
Niels Provos Honeyd before 1.5 replies to certa
Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd.
Apache Software Foundation (ASF) Struts before
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
** DISPUTED ** SQL injection vulnerability in
** DISPUTED ** SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried."
** DISPUTED ** Integer overflow in banner/bann
** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability.
Multiple format string vulnerabilities in zabbi
Multiple format string vulnerabilities in zabbix before Friday, October 06, 2006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
login in util-linux-2.12a skips pam_acct_mgmt a
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
The dl function in PHP 5.2.4 and earlier allows
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
Software vulnerabilities results 1 to 20 of 76