Searching generates software vulnerabilities

rpc.mountd on Linux, Ultrix, and possibly other

attempting | existence | determine | attackers | different | generates | depending | operating | rpcmountd | possibly | messages | systems | whether | remote | Ultrix | allows | exists | server | error | mount | other | Linux | which | file | not |

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.


rsh daemon (rshd) generates different error mes

daemon | rsh |

rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system.


Jakarta Tomcat 3.1 under Apache reveals physica

information | generates | attacker | includes | requests | physical | message | reveals | Jakarta | Tomcat | remote | Apache | which | exist | under | error | path | does | not | URL |

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.


WinCE 3.0.9348 generates predictable TCP Initia

WinCE |

WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.


ibillpm.pl in iBill password management system

MASTER_ACCOUNT | information | management | attackers | passwords | generates | ibillpmpl | guessing | htpasswd | client's | password | account | system | modify | allows | remote | force | brute | iBill | based | which | weak | file | via |

ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.


qpopper 4.01 with PAM based authentication on R

qpopper |

qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.


XDM in XFree86 3.3 and 3.3.3 generates easily g

XFree86 | XDM |

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.


POP3 Server for Ipswitch IMail 7.04 and earlier

Ipswitch | Server | IMail | POP3 |

POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.


Beck IPC GmbH IPC@CHIP TelnetD server generates

different | generates | attackers | responses | determine | accounts | IPC@CHIP | invalid | TelnetD | allows | remote | server | system | which | valid | given | names | login | Beck | GmbH | IPC |

Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.


WinVNC 3.3.3 and earlier generates the same cha

WinVNC |

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.


Thunderstone Texis CGI script allows remote att

Thunderstone | nonexistent | generates | attackers | includes | pathname | request | message | script | allows | remote | obtain | Texis | error | which | file | full | path | root | CGI | web | via |

Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.


Cross-site scripting vulnerability in GoAhead W

vulnerability | Cross-site | generates | attackers | scripting | execute | message | GoAhead | found" | script | allows | Server | remote | quote | which | other | users | does | "404 | Web | URL | not | via |

Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.


CGIScript.net csPassword.cgi leaks sensitive in

csPasswordcgi | CGIScriptnet | information | attackers | presented | parameter | sensitive | generates | "remove" | messages | pathname | command | remote | obtain | allows | server | script | option | error | debug | leaks | fails | which | such | via |

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error.


Telindus 1100 series ADSL router allows remote

Telindus |

Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext.


Thomas Hauck Jana Server 2.x through 2.2.1, and

through | Server | Thomas | Hauck | Jana |

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.


The Web Database Manager in web-tools for SAP D

web-tools | Database | Manager | before | SAP | Web |

The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities.


vsftpd 1.1.3 generates different error messages

vsftpd |

vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.


WebCalendar 1.0.1 to 1.0.3 generates different

WebCalendar |

WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.


Dispatch.cgi/_user/uservCard/ in SiteScape Foru

Dispatchcgi/_user/uservCard/ | responses | different | attackers | usernames | enumerate | SiteScape | generates | possibly | earlier | remote | allows | valid | Forum | way |

Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames.


NetEpi Case Manager before 0.98 generates diffe

Manager | before | NetEpi | Case |

NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.


Software vulnerabilities results 1 to 20 of 102     
Page: 123456