master software vulnerabilities
vulnerabilities.aspcode.net
Searching master software vulnerabilities
Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file.
A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft.
Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.
The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan.
Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference.
Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail.
Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (server crash) via multiple connections with long nicknames, possibly triggering a buffer overflow.
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data.
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.
The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Software vulnerabilities results 1 to 20 of 32