mechanism software vulnerabilities
vulnerabilities.aspcode.net
Searching mechanism software vulnerabilities
HP-UX 9.x does not properly enable the Xauthori
Xauthority
|
conditions
|
explicitly
|
authorized
|
mechanism
|
properly
|
display
|
certain
|
access
|
enable
|
local
|
users
|
which
|
HP-UX
|
allow
|
could
|
does
|
been
|
have
|
even
|
they
|
not
|
HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.
Buffer overflow in IIS ISAPI .ASP parsing mecha
"LANGUAGE"
|
arbitrary
|
attackers
|
mechanism
|
overflow
|
argument
|
commands
|
execute
|
parsing
|
Buffer
|
string
|
allows
|
script
|
ISAPI
|
long
|
ASP
|
tag
|
IIS
|
via
|
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
The split key mechanism used by PGP 7.0 allows
authenticate
|
passphrases
|
passphrase
|
capturing
|
mechanism
|
setting
|
holders
|
allows
|
"Cache
|
option
|
logged
|
obtain
|
holder
|
access
|
entire
|
share
|
other
|
while
|
split
|
used
|
they
|
key
|
on"
|
PGP
|
The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.
The digital signature mechanism for the Adobe A
executable
|
arbitrary
|
attackers
|
certified
|
signature
|
mechanism
|
verifies
|
plug-in
|
digital
|
Acrobat
|
execute
|
making
|
viewer
|
appear
|
signed
|
header
|
Adobe
|
which
|
allow
|
mode
|
only
|
code
|
PDF
|
can
|
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
Heap-based buffer overflow in the error-handlin
error-handling
|
Macromedia
|
ColdFusion
|
Heap-based
|
attackers
|
arbitrary
|
mechanism
|
overflow
|
request
|
handler
|
execute
|
remote
|
buffer
|
allows
|
ISAPI
|
long
|
HTTP
|
name
|
file
|
cfm
|
IIS
|
via
|
GET
|
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
Heap-based buffer overflow in the error-handlin
error-handling
|
Macromedia
|
Heap-based
|
arbitrary
|
attackers
|
mechanism
|
overflow
|
request
|
earlier
|
handler
|
execute
|
remote
|
buffer
|
allows
|
ISAPI
|
name
|
long
|
file
|
HTTP
|
JRun
|
IIS
|
jsp
|
GET
|
via
|
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.
Unknown vulnerability in the pam_filter mechani
vulnerability
|
pam_filter
|
mechanism
|
pam_ldap
|
version
|
Unknown
|
before
|
Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.
The Cisco LEAP challenge/response authenticatio
challenge/response
|
authentication
|
susceptible
|
dictionary
|
privileges
|
attackers
|
passwords
|
mechanism
|
password
|
guessing
|
attacks
|
remote
|
easier
|
force
|
brute
|
which
|
Cisco
|
makes
|
uses
|
LEAP
|
gain
|
via
|
way
|
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
Heap-based buffer overflow in CVS 1.11.x up to
Heap-based
|
overflow
|
buffer
|
111x
|
CVS
|
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
Online-bookmarks before 0.4.6 allows remote att
Online-bookmarks
|
before
|
Online-bookmarks before 0.4.6 allows remote attackers to bypass its authentication mechanism via a direct request to (1) config/*, (2) bookmarks.php, (3) footer.php, (4) main.php, (5) tree.php, or (6) functions.php.
grpWise.exe for Novell GroupWise client 5.5 thr
grpWiseexe
|
GroupWise
|
through
|
client
|
Novell
|
grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.
Whisper 32 1.16, and possibly earlier versions,
Whisper
|
Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory.
Stack-based buffer overflow in AbiWord before 2
Stack-based
|
overflow
|
AbiWord
|
before
|
buffer
|
Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism.
A recommended admin password reset mechanism fo
recommended
|
mechanism
|
WebLogic
|
followed
|
password
|
October
|
before
|
Server
|
admin
|
reset
|
BEA
|
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.
The cryptographic module in ScatterChat 1.0.x a
cryptographic
|
identifying
|
ScatterChat
|
collisions
|
encryption
|
attackers
|
mechanism
|
messages
|
birthday
|
patterns
|
identify
|
padding
|
numbers
|
custom
|
module
|
attack
|
allows
|
large
|
using
|
mode
|
10x
|
ECB
|
The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption.
Incomplete blacklist vulnerability in default.a
vulnerability
|
protection
|
characters
|
defaultasp
|
Incomplete
|
parameter
|
injection
|
attackers
|
mechanism
|
8pixelnet
|
blacklist
|
filtered
|
attacks
|
earlier
|
conduct
|
allows
|
Simple
|
remote
|
which
|
Blog
|
SQL
|
via
|
">"
|
not
|
Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism.
Directory traversal vulnerability in the sessio
Administration
|
vulnerability
|
Visualized
|
interface
|
mechanism
|
traversal
|
Directory
|
Network
|
session
|
web
|
Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors.
Unspecified vulnerability in the info request m
vulnerability
|
Unspecified
|
mechanism
|
Messenger
|
request
|
before
|
info
|
LAN
|
Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors.
Unspecified vulnerability in the SIP module in
vulnerability
|
Unspecified
|
SIParator
|
Firewall
|
before
|
module
|
InGate
|
SIP
|
Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors.
The mirror mechanism in SurgeFTP 2.3a1 allows u
user-assisted
|
mechanism
|
SurgeFTP
|
servers
|
service
|
denial
|
remote
|
mirror
|
allows
|
cause
|
23a1
|
FTP
|
The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
Software vulnerabilities results 1 to 20 of 49
Page:
1
2
3
►