implemented software vulnerabilities
vulnerabilities.aspcode.net
Searching implemented software vulnerabilities
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message.
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.
Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.
AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allow malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.
Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV).
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
Heap-based buffer overflow in the Huffman decompression algorithm implemented in Skulltag 0.97d-beta4.1 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet.
Software vulnerabilities results 1 to 20 of 28