identify software vulnerabilities
vulnerabilities.aspcode.net
Searching identify software vulnerabilities
A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.
Error messages generated by gdm with the VerboseAuth setting allow an attacker to identify valid users on a system.
The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system.
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.
Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or "Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans.
The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks.
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd.
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.
Software vulnerabilities results 1 to 20 of 47