Searching communication software vulnerabilities

BackWeb client stores the username and password

authentication | Communication | privileges | cleartext | registry | username | password | BackWeb | reading | client | stores | other | local | users | which | proxy | allow | could | gain | key |

BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password.


Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.

Assistant | Trolltech |

Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.


The Session Initiation Protocol (SIP) implement

Initiation | Protocol | Session |

The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.


BEA WebLogic Express and Server 7.0 through 8.1

circumstances | WebLogic | through | certain | request | Express | Server | under | over | SSL | BEA | use |

BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.


The default installation of NetScreen-Security

NetScreen-Security | communication | installation | information | encryption | attackers | sensitive | sniffing | ScreenOS | devices | running | default | Feature | Manager | remote | obtain | before | enable | allows | which | does | Pack | via | not |

The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing.


Desktop Communication Protocol (DCOP) daemon, a

Communication | Protocol | Desktop |

Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."


Research in Motion (RIM) BlackBerry Router allo

Research | Motion |

Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets.


Macromedia Breeze Communication Server and Bree

Communication | sufficiently | Macromedia | attackers | validate | certain | earlier | service | Breeze | allows | denial | Server | which | cause | Live | does | data | RTMP | not |

Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133).


Macromedia Flash Communication Server MX 1.0 an

Communication | sufficiently | Macromedia | attackers | validate | service | certain | Server | denial | allows | Flash | cause | which | does | RTMP | data | not |

Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133).


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php.


The web interface for American Power Conversion

Conversion | interface | American | Power | web |

The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials.


Client Firewall in NCP Network Communication Se

Communication | Firewall | Network | Client | Secure | NCP |

Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program.


NCP Network Communication Secure Client 8.11 Bu

Communication | Network | Secure | Client | NCP |

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow.


NCP Network Communication Secure Client 8.11 Bu

Communication | Network | Secure | Client | NCP |

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow.


The IPv4 implementation in Sun Solaris 10 befor

implementation | Solaris | before | IPv4 | Sun |

The IPv4 implementation in Sun Solaris 10 before Friday, July 21, 2006 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.


SQL injection vulnerability in quiz.php in Web

vulnerability | Communication | injection | quizphp | Center | Group | Web | SQL |

SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.


The Teredo implementation in Microsoft Windows

implementation | communication | solicitation | attackers | different | Microsoft | session | attacks | Windows | through | remote | easier | within | Teredo | brute | force | Vista | spoof | which | ports | nonce | makes | same | uses | UDP |

The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.


masterCGI in the Unified Maintenance Tool in Al

metacharacters | Communication | Maintenance | Enterprise | masterCGI | parameter | arbitrary | attackers | commands | earlier | OmniPCX | Alcatel | execute | Unified | action | during | allows | Server | remote | shell | Tool | ping | user | via | R71 |

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.


TIBCO Rendezvous (RV) 7.5.2 does not protect co

Rendezvous | TIBCO |

TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.


Guidance Software EnCase Enterprise Edition (EE

Enterprise | Software | Guidance | Edition | EnCase |

Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image.


Software vulnerabilities results 1 to 20 of 34     
Page: 12