flaw software vulnerabilities
vulnerabilities.aspcode.net
Searching flaw software vulnerabilities
Zetetic Secure Tool for Recalling Important Pas
Recalling
|
Important
|
Passwords
|
Zetetic
|
Secure
|
Tool
|
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
Microsoft Word and Excel allow remote attackers
demonstrated
|
information
|
sensitive
|
attackers
|
Microsoft
|
document
|
returned
|
attacker
|
certain
|
insert
|
remote
|
codes
|
steal
|
allow
|
Excel
|
field
|
using
|
Word
|
via
|
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
The ByteCode Verifier component of Microsoft Vi
component
|
Microsoft
|
ByteCode
|
Verifier
|
Machine
|
Virtual
|
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
The tcp_find_option function of the netfilter s
tcp_find_option
|
subsystem
|
netfilter
|
function
|
Linux
|
SUSE
|
IPv6
|
The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626.
A design flaw in image processing software that
potentially
|
information
|
processing
|
thumbnail
|
sensitive
|
original
|
software
|
modifies
|
removed
|
visual
|
design
|
images
|
modify
|
could
|
which
|
image
|
might
|
main
|
been
|
flaw
|
JPEG
|
EXIF
|
leak
|
lead
|
had
|
not
|
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Interpretation conflict in phpBB 2.0.17, with r
Interpretation
|
conflict
|
phpBB
|
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.
Multiple interpretation error in the image uplo
interpretation
|
Invision
|
handling
|
Multiple
|
Gallery
|
upload
|
image
|
error
|
code
|
Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery.
Interpretation conflict in file.inc in Drupal 4
Interpretation
|
conflict
|
fileinc
|
Drupal
|
Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Drupal.
Unspecified vulnerability in Positive Software
vulnerability
|
Corporation
|
Unspecified
|
Software
|
Positive
|
CP+
|
Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to has unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure.
Interpretation conflict in YaBB before 2.1 allo
Interpretation
|
authenticated
|
CVE-2005-3312
|
extension
|
arbitrary
|
Internet
|
Explorer
|
executed
|
conflict
|
causes
|
remote
|
allows
|
victim
|
result
|
before
|
inject
|
script
|
which
|
users
|
views
|
HTML
|
file
|
YaBB
|
web
|
GIF
|
via
|
Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB.
** DISPUTED ** Cross-site scripting (XSS) vuln
Cross-site
|
scripting
|
DISPUTED
|
** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of Tuesday, October 03, 2006, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package.
** DISPUTED ** SQL injection vulnerability in
vulnerability
|
unspecified
|
parameters
|
attackers
|
arbitrary
|
injection
|
commands
|
possibly
|
DISPUTED
|
Search0
|
earlier
|
execute
|
search
|
allows
|
remote
|
WebDB
|
via
|
SQL
|
** DISPUTED ** SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois Software. The flaw that was identified was some code that was added for a client to do some testing of his system and only certain safe commands were allowed. This code has now been removed and it is not now possible to use SQL queries as part of the query string. No installation or patch is required All clients use a common code library and have their own front end and databases and connections. So as soon as a change / upgrade / enhancement is made to the code, all users of the software begin to use the latest changes immediately." Since the issue appeared in a custom web site and no action is required on the part of customers, this issue should not be included in CVE.
Unspecified vulnerability related to a "design
vulnerability
|
Unspecified
|
Graphics
|
Internet
|
Service
|
related
|
"design
|
flaw"
|
SAP
|
Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
pwlib, as used by Ekiga 2.0.5 and possibly othe
Ekiga
|
pwlib
|
used
|
pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).
Unspecified vulnerability in Office Efficiencie
vulnerability
|
Efficiencies
|
Unspecified
|
SafeSquid
|
security
|
"serious
|
specific
|
possibly
|
vectors
|
related
|
unknown
|
Office
|
impact
|
attack
|
Linux
|
flaw"
|
has
|
41x
|
Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has unknown impact and attack vectors, related to a "serious security flaw," possibly specific to Linux.
Software vulnerabilities results 1 to 16 of 16
Page:
1