closed software vulnerabilities
vulnerabilities.aspcode.net
Searching closed software vulnerabilities
SSH server (sshd2) before 2.0.12 does not prope
server
|
SSH
|
SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.
inetd in AIX 4.1.5 dynamically assigns a port N
inetd
|
AIX
|
inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd.
IBM/Tivoli OPC Tracker Agent version 2 release
IBM/Tivoli
|
attackers
|
release
|
service
|
version
|
Tracker
|
denial
|
remote
|
allows
|
cause
|
Agent
|
OPC
|
IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.
Macromedia Flash Player 6 does not terminate co
connections
|
Macromedia
|
terminate
|
attackers
|
service
|
allows
|
remote
|
denial
|
leaves
|
Player
|
which
|
Flash
|
cause
|
does
|
page
|
user
|
web
|
not
|
Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed.
Imatix Xitami 2.5 b5 does not properly terminat
connections
|
Keep-Alive
|
terminate
|
attackers
|
properly
|
service
|
certain
|
broken
|
remote
|
allows
|
closed
|
denial
|
Imatix
|
Xitami
|
which
|
cause
|
early
|
does
|
have
|
been
|
not
|
Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allows remote attackers to cause a denial of service (crash) via a large number of concurrent sessions.
Directory traversal vulnerability in X-Cart 3.4
vulnerability
|
traversal
|
Directory
|
X-Cart
|
Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.
RSniff 1.0 allows remote attackers to cause a d
attackers
|
service
|
denial
|
RSniff
|
allows
|
remote
|
cause
|
RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly.
The local and remote desktop login screens in M
Microsoft
|
screens
|
Windows
|
desktop
|
before
|
remote
|
login
|
local
|
SP2
|
The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
post_bug.cgi in Bugzilla 2.10 through 2.18, 2.1
post_bugcgi
|
Bugzilla
|
post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.
Google Mini Search Appliance, and possibly Goog
arbitrary
|
attackers
|
comparing
|
resulting
|
determine
|
Appliance
|
messages
|
possibly
|
modified
|
targets
|
Google
|
allows
|
closed
|
Search
|
remote
|
error
|
ports
|
hosts
|
port
|
open
|
Mini
|
then
|
URLs
|
scan
|
via
|
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.
The ECNE chunk handling in Linux SCTP (lksctp)
handling
|
Linux
|
chunk
|
SCTP
|
ECNE
|
The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
Unspecified vulnerability in Microsoft PowerPoi
vulnerability
|
Unspecified
|
PowerPoint
|
Microsoft
|
Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of Monday, July 17, 2006, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
The accept function in NetBSD-current before 20
NetBSD-current
|
function
|
before
|
accept
|
The accept function in NetBSD-current before Monday, October 23, 2006, NetBSD 3.0 and 3.0.1 before Tuesday, October 24, 2006, and NetBSD 2.x before Sunday, October 29, 2006 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").
DFSR.exe in Windows Meeting Space in Microsoft
connections
|
Microsoft
|
available
|
Windows
|
remains
|
DFSRexe
|
Meeting
|
remote
|
Space
|
Vista
|
port
|
TCP
|
DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
BEA WebLogic Server 9.0 through 9.2 allows remo
attackers
|
WebLogic
|
through
|
service
|
denial
|
remote
|
Server
|
allows
|
cause
|
BEA
|
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
The web container in IBM WebSphere Application
Application
|
WebSphere
|
container
|
Server
|
web
|
IBM
|
The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information.
Software vulnerabilities results 1 to 17 of 17
Page:
1