its software vulnerabilities
vulnerabilities.aspcode.net
Searching its software vulnerabilities
The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.
A service may include useful information in its banner or help function (such as the name and version), making it useful for information gathering activities.
ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration.
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges.
Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.
WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges.
WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration.
SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server.
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page.
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name.
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions.
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
Software vulnerabilities results 1 to 20 of 124