Searching max software vulnerabilities

The Linux 2.2.x kernel does not restrict the nu

requesting | paremeter | restrict | wmem_max | sockets | service | defined | kernel | allows | denial | number | domain | large | users | Linux | cause | which | local | does | Unix | not | 22x |

The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max paremeter, which allows local users to cause a denial of service by requesting a large number of sockets.


Lucent Ascend MAX Router 5.0 and earlier, Lucen

Pipeline | earlier | Router | Ascend | Lucent | MAX |

Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response.


traceroute-nanog 6.1.1 allows local users to ov

traceroute-nanog |

traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.


Integer overflow in the "Max-dotdot" CVS protoc

"Max-dotdot" | protocol | overflow | command | Integer | CVS |

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.


ADP Elite System Max 9000 allows remote authent

System | Elite | Max | ADP |

ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory.


index.php in ECW-Shop 6.0.2 allows remote attac

ECW-Shop | indexphp |

index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter.


The ipt_recent kernel module (ipt_recent.c) in

ipt_recent | module | kernel |

The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters.


Mantis before 0.19.4 allows remote attackers to

before | Mantis |

Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.


Matt Johnston Dropbear SSH server 0.47 and earl

Dropbear | Johnston | server | Matt | SSH |

Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.


Opsware Network Automation System (NAS) 6.0 ins

Automation | Network | Opsware | System |

Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.


PHP remote file inclusion vulnerability in incl

include/urightsphp | vulnerability | inclusion | Outreach | Project | remote | file | Tool | PHP |

PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter.


Buffer overflow in the LWZReadByte_ function in

ext/gd/libgd/gd_gif_inc | LWZReadByte_ | extension | function | overflow | before | Buffer | PHP |

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.


SQL injection vulnerability in index.php in ezP

vulnerability | ezPortal/ztml | attackers | arbitrary | injection | commands | indexphp | execute | allows | remote | via | SQL | CMS |

SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters.


backend/parser/analyze.c in PostgreSQL 8.1.x be

backend/parser/analyzec | PostgreSQL | before | 81x |

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."


Multiple heap-based buffer overflows in AOL Nul

heap-based | overflows | Nullsoft | Multiple | WinAmp | buffer | before | AOL |

Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.


cache_util.c in the mod_cache module in Apache

cache_utilc | mod_cache | Server | Apache | module | HTTP |

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.


A typo in Linux kernel 2.6 before 2.6.21-rc6 an

2621-rc6 | before | kernel | Linux | typo |

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.


Unspecified vulnerability in the (1) attach dat

vulnerability | Unspecified |

Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.


Software vulnerabilities results 1 to 20 of 34     
Page: 12