after software vulnerabilities
vulnerabilities.aspcode.net
Searching after software vulnerabilities
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.
Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header.
Compaq/Microcom 6000 Access Integrator does not cause a session timeout after prompting for a username or password, which allows remote attackers to cause a denial of service by connecting to the integrator without providing a username or password.
Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack.
Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.
The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection.
BlackICE Agent 3.1.eal does not always reactivate after a system standby, which could allow remote attackers and local users to bypass intended firewall restrictions.
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI.
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension.
Software vulnerabilities results 1 to 20 of 253