might software vulnerabilities
vulnerabilities.aspcode.net
Searching might software vulnerabilities
A Windows NT system does not clear the system p
information
|
sensitive
|
shutdown
|
recorded
|
Windows
|
during
|
system
|
might
|
allow
|
which
|
clear
|
does
|
file
|
page
|
not
|
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
Buffer overflow in Microsoft Msinfo32.exe might
Msinfo32exe
|
msinfo_file
|
arbitrary
|
parameter
|
Microsoft
|
filename
|
overflow
|
command
|
execute
|
Buffer
|
local
|
allow
|
might
|
users
|
line
|
code
|
long
|
via
|
Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.
Buffer overflow in vsybase.c in vpopmail 5.4.2
vsybasec
|
vpopmail
|
overflow
|
Buffer
|
Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code.
Buffer overflow in the rdb_query function for D
rdb_query
|
arbitrary
|
attackers
|
function
|
overflow
|
execute
|
Buffer
|
Denora
|
allow
|
Stats
|
might
|
code
|
IRC
|
Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute arbitrary code.
setting.php in Innovative CMS (ICMS, formerly I
Innovative
|
settingphp
|
CMS
|
setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processsed before content is returned to the user, so this might not be a vulnerability.
The Chatspot 2.0.0a7 module for phpBB might all
impersonate
|
attackers
|
Chatspot
|
vectors
|
unknown
|
remote
|
module
|
users
|
200a7
|
other
|
might
|
allow
|
phpBB
|
via
|
The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to impersonate other users via unknown vectors.
SQL injection vulnerability in index.php in Ant
vulnerability
|
arbitrary
|
OnContent
|
attackers
|
injection
|
parameter
|
commands
|
indexphp
|
Antharia
|
execute
|
allows
|
remote
|
pid
|
SQL
|
CMS
|
via
|
SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it is not clear, but this might be an application service provider, in which case it might be excluded from CVE.
Kolab Server 2.0.0 and 2.0.1 does not properly
Server
|
Kolab
|
Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability.
The on-access scanner for McAfee Virex 7.7 for
circumstances
|
demonstrated
|
protection
|
malicious
|
Macintosh
|
on-access
|
attackers
|
accessed
|
activate
|
prevent
|
browser
|
content
|
scanner
|
remote
|
allows
|
McAfee
|
bypass
|
virus
|
might
|
EICAR
|
using
|
Virex
|
which
|
being
|
saved
|
test
|
some
|
file
|
web
|
not
|
The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file.
Directory traversal vulnerability in admin/dele
admin/deleteuserphp
|
vulnerability
|
Directory
|
traversal
|
HitHost
|
Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir.
Unspecified vulnerability in usermod in HP-UX B
vulnerability
|
permissions
|
directories
|
Unspecified
|
directory
|
ownership
|
intended
|
options
|
involve
|
usermod
|
certain
|
result
|
secure
|
change
|
which
|
under
|
files
|
B1111
|
B1100
|
B1123
|
HP-UX
|
cause
|
might
|
less
|
home
|
than
|
all
|
new
|
run
|
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
Stack-based buffer overflow in the tiffsplit co
Stack-based
|
tiffsplit
|
overflow
|
libtiff
|
command
|
buffer
|
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Event Viewer (eventvwr.exe) in Microsoft Window
Viewer
|
Event
|
Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer.
Buffer overflow in ageet AGEphone before 1.4.0
AGEphone
|
overflow
|
Buffer
|
before
|
ageet
|
Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors.
Buffer overflow in the open_sty function in mki
makeindex
|
function
|
open_sty
|
overflow
|
Buffer
|
mkindc
|
Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
The Javascript engine in Mozilla 1.7 and earlie
collection
|
Javascript
|
involving
|
arbitrary
|
attackers
|
temporary
|
deletion
|
execute
|
garbage
|
vectors
|
Solaris
|
earlier
|
Mozilla
|
remote
|
causes
|
object
|
engine
|
allow
|
might
|
still
|
being
|
used
|
code
|
Sun
|
via
|
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
Cisco Secure ACS does not require authenticatio
authentication
|
require
|
Secure
|
Trust
|
Cisco
|
Agent
|
does
|
ACS
|
not
|
Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices.
Multiple unspecified vulnerabilities in the G/P
vulnerabilities
|
unspecified
|
Multiple
|
G/PGP
|
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.
Buffer overflow in cli32 in Areca CLI 1.72.250
overflow
|
Buffer
|
Areca
|
cli32
|
CLI
|
Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid.
The management interface in ZyNOS firmware 3.62
management
|
interface
|
firmware
|
ZyNOS
|
The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF; if so, then it should not be included in CVE.
Software vulnerabilities results 1 to 20 of 753
Page:
1
2
3
4
5
...
38
►