address software vulnerabilities
vulnerabilities.aspcode.net
Searching address software vulnerabilities
ControlIT v4.5 and earlier uses weak encryption
encryption
|
ControlIT
|
usernames
|
passwords
|
earlier
|
address
|
store
|
weak
|
book
|
uses
|
v45
|
ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book.
LakeWeb Filemail CGI script allows remote attac
metacharacters
|
attackers
|
arbitrary
|
recipient
|
Filemail
|
commands
|
address
|
execute
|
LakeWeb
|
script
|
remote
|
allows
|
email
|
shell
|
via
|
CGI
|
LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
ICQ 98 beta on Windows NT leaks the internal IP
internal
|
address
|
Windows
|
segment
|
instead
|
public
|
packet
|
client
|
leaks
|
beta
|
data
|
ICQ
|
TCP
|
ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
nph-maillist.pl allows remote attackers to exec
metacharacters
|
nph-maillistpl
|
attackers
|
arbitrary
|
commands
|
execute
|
allows
|
remote
|
shell
|
via
|
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.
Legato Networker before 6.1 allows remote attac
restrictions
|
connecting
|
privileges
|
determined
|
interface
|
attackers
|
Networker
|
hostname
|
spoofing
|
reverse
|
address
|
allows
|
before
|
lookup
|
Legato
|
access
|
remote
|
bypass
|
server
|
admin
|
whose
|
name
|
gain
|
DNS
|
can
|
not
|
Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
Trend Micro InterScan AppletTrap 2.0 does not p
AppletTrap
|
InterScan
|
modified
|
properly
|
certain
|
filter
|
Trend
|
Micro
|
such
|
ways
|
does
|
URLs
|
they
|
not
|
Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address.
Vulnerability in RFC822 address parser in mutt
Vulnerability
|
address
|
before
|
parser
|
RFC822
|
mutt
|
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
ZyXEL ZyWALL 10 before 3.50 allows remote attac
before
|
ZyWALL
|
ZyXEL
|
ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface.
SafeTP 1.46, when network address translation (
SafeTP
|
SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request.
Buffer overflow in ZMailer before 2.99.51_1 all
processing
|
arbitrary
|
attackers
|
hostname
|
overflow
|
possibly
|
resolves
|
address
|
execute
|
29951_1
|
ZMailer
|
before
|
remote
|
Buffer
|
during
|
allows
|
using
|
long
|
code
|
HELO
|
IPv6
|
Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to execute arbitrary code during HELO processing from an IPv6 address, possibly using an address that resolves to a long hostname.
The mxcsr code in Linux kernel 2.4 allows attac
registers
|
attackers
|
malformed
|
address
|
modify
|
kernel
|
allows
|
Linux
|
mxcsr
|
state
|
code
|
CPU
|
via
|
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
D-Link DCS-900 Internet Camera listens on UDP p
Internet
|
DCS-900
|
listens
|
Camera
|
D-Link
|
port
|
UDP
|
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
Chat Anywhere 2.72 and earlier allows remote at
Anywhere
|
Chat
|
Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
The confirm add-on in SmartList 3.15 and earlie
SmartList
|
confirm
|
add-on
|
The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned.
Zyxel P310, P314, P324 and Netgear RT311, RT314
attackers
|
interface
|
generates
|
firmware
|
pinging
|
running
|
Netgear
|
address
|
allows
|
remote
|
obtain
|
latest
|
WAN's
|
which
|
valid
|
Zyxel
|
RT311
|
RT314
|
reply
|
maps
|
P324
|
side
|
P310
|
P314
|
MAC
|
WAN
|
LAN
|
ARP
|
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.
The shmem_nopage function in shmem.c for the tm
shmem_nopage
|
properly
|
argument
|
function
|
address
|
service
|
driver
|
verify
|
denial
|
allows
|
kernel
|
shmemc
|
local
|
cause
|
users
|
Linux
|
tmpfs
|
which
|
does
|
not
|
The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.
The mmap function in the Linux Kernel 2.6.10 ca
function
|
Kernel
|
Linux
|
mmap
|
The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash).
PunBB 1.2.9 does not require password entry whe
PunBB
|
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
Cisco NAC maintains an exception list that does
demonstrated
|
disconnected
|
properties
|
physically
|
proximate
|
attackers
|
maintains
|
exception
|
different
|
spoofing
|
address
|
network
|
printer
|
methods
|
control
|
bypass
|
record
|
device
|
allows
|
local
|
Cisco
|
using
|
other
|
which
|
type
|
list
|
does
|
than
|
join
|
NAC
|
not
|
MAC
|
Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer.
Buffer overflow in Yahoo! Messenger 8.1 allows
user-assisted
|
authenticated
|
arbitrary
|
Messenger
|
overflow
|
address
|
execute
|
e-mail
|
allows
|
remote
|
Buffer
|
entry
|
users
|
Yahoo
|
book
|
long
|
code
|
via
|
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
Software vulnerabilities results 1 to 20 of 376
Page:
1
2
3
4
5
...
19
►