Searching client software vulnerabilities

Buffer overflow in ALMail32 POP3 client via Fro

ALMail32 | overflow | client | Buffer | POP3 | via |

Buffer overflow in ALMail32 POP3 client via From: or To: headers.


Microsoft NetMeeting 2.1 allows one client to r

NetMeeting | clipboard | Microsoft | contents | client's | another | allows | CTRL-C | client | empty | read | chat | box | one | via |

Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.


The Extended Control List (ECL) feature of the

Extended | Control | List |

The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.


CITRIX Metaframe 1.8 logs the Client Address (I

Metaframe | Address | Client | CITRIX | logs |

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).


Citrix Independent Computing Architecture (ICA)

Architecture | Independent | Computing | Citrix |

Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.


The XMLHttpRequest object (XMLHTTP) in Netscape

XMLHttpRequest | object |

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.


Heap overflow in the KTH Kerberos 4 FTP client

arbitrary | malicious | Kerberos | overflow | response | passive | servers | execute | remote | client | allows | 4-111 | long | Heap | code | FTP | KTH | via |

Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.


Format string vulnerability in log_doit functio

vulnerability | log_doit | function | client | Format | string | Slurp | NNTP |

Format string vulnerability in log_doit function of Slurp NNTP client 1.1.0 allows a malicious news server to execute arbitrary code on the client via format strings in a server response.


Buffer overflows in the Cisco VPN 5000 Client b

overflows | Buffer | Cisco | VPN |

Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.


Buffer overflow in Novell NetWare Client 4.80 t

overflow | NetWare | Client | Buffer | Novell |

Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.


Kerberos FTP client allows remote FTP sites to

arbitrary | Kerberos | execute | remote | client | allows | sites | pipe | code | FTP | via |

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.


Business Objects WebIntelligence 2.7.0 through

WebIntelligence | Business | Objects |

Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.


Citrix Program Neighborhood Agent for Win32 8.0

Neighborhood | Program | Citrix | Win32 | Agent |

Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.


Buffer overflow in the Lotus Notes client for D

overflow | Domino | client | Buffer | before | Lotus | Notes |

Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file.


BFCommand & Control Server Manager BFCC 1.22_A

disconnections | administrative | restrictions | permissions | attackers | BFCommand | modified | perform | Manager | Control | actions | enforce | earlier | allows | remote | bypass | Server | relies | client | which | 122_A | 214_B | BFVCC | BFCC | such | via |

BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client.


The popSubjectContext method in the SecurityAss

SecurityAssociation | popSubjectContext | Enterprise | method | Beans | class | JBoss | Java |

The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.


aMSN (aka Alvaro's Messenger) allows remote att

aMSN |

aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).


Client Firewall in NCP Network Communication Se

Communication | Firewall | Network | Client | Secure | NCP |

Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program.


Unspecified vulnerability in the VPN Client for

vulnerability | Unspecified | Graphical | Interface | Windows | Client | User | VPN |

Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.


Alien Arena 2007 6.10 and earlier allows remote

Arena | Alien |

Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries.


Software vulnerabilities results 1 to 20 of 637     
Page: 12345...32