Searching exists software vulnerabilities

rpc.mountd on Linux, Ultrix, and possibly other

attempting | existence | determine | attackers | different | generates | depending | operating | rpcmountd | possibly | messages | systems | whether | remote | Ultrix | allows | exists | server | error | mount | other | Linux | which | file | not |

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.


A buffer overflow exists in the HELO command in

Interscan | VirusWall | arbitrary | overflow | attacker | gateway | command | execute | 323/33 | buffer | exists | Trend | allow | Micro | which | code | HELO | SMTP | may |

A buffer overflow exists in the HELO command in Trend Micro Interscan VirusWall SMTP gateway 3.23/3.3 for NT, which may allow an attacker to execute arbitrary code.


WSSecurity.pl in WebStore allows remote attacke

authentication | WSSecuritypl | attackers | providing | WebStore | filename | program | exists | easier | remote | allows | bypass | which | made |

WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).


The Domain gateway in BEA Tuxedo 7.1 does not p

authorization | imported | services | gateway | qspaces | domains | perform | Tuxedo | remote | exists | access | allows | checks | Domain | which | users | does | even | BEA | ACL | not |

The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.


The getAlbumToDisplay function in idsShared.pm

getAlbumToDisplay | idsSharedpm | function | Display | System | Image |

The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.


Directory traversal vulnerability in the list_d

list_directory | vulnerability | Directory | traversal | function | Icecast |

Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not.


The default login template (/vgn/login) in Vign

template | default | login |

The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks.


vsftpd 1.1.3 generates different error messages

vsftpd |

vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.


YaBB 1 SP 1.3.1 displays different error messag

YaBB |

YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.


Load Sharing Facility (LSF) 4.x, 5.x, and 6.x u

Facility | Sharing | Load |

Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.


A "potential" buffer overflow exists in the pan

"potential" | overflow | exists | buffer |

A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic.


MailPost 5.1.1sv, and possibly earlier versions

information | attackers | different | sensitive | depending | requested | possibly | MailPost | displays | versions | whether | earlier | message | allows | remote | exists | error | 511sv | which | file | gain | not |

MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information.


The getItemInfoByAtom function in the ActiveX c

getItemInfoByAtom | existence | determine | attackers | Microsoft | function | returns | ActiveX | Windows | control | exists | allows | remote | system | Player | Media | local | files | which | exist | size | does | file | not |

The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.


ProFTPD 1.2.x, including 1.2.8 and 1.2.10, resp

including | ProFTPD | 12x |

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.


PY Software Active Webcam WebServer (webcam.exe

WebServer | Software | Webcam | Active |

PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not.


Novell iChain Mini FTP Server 2.3 displays diff

information | facilitates | attackers | different | sensitive | messages | displays | attacks | allows | remote | obtain | iChain | Server | exists | Novell | brute | which | force | error | Mini | user | FTP | not |

Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.


The POP3 server in IBM iSeries AS/400 returns d

different | attackers | determine | messages | iSeries | returns | exists | remote | AS/400 | server | allows | which | error | valid | POP3 | user | IDs | not | IBM |

The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.


Merak Mail Server 8.0.3 with Icewarp Web Mail 5

Server | Merak | Mail |

Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.


login.asp in Ringtail CaseBook 6.1.0 displays d

CaseBook | Ringtail | loginasp |

login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.


ioFTPD 0.5.84 u responds with different message

ioFTPD |

ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.


Software vulnerabilities results 1 to 20 of 59     
Page: 123