Searching mini software vulnerabilities

mSQL (Mini SQL) 2.0.6 allows remote attackers t

mSQL |

mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query.


Acme mini_httpd before 1.16 allows remote attac

mini_httpd | before | Acme |

Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.


Hughes Technology Mini SQL 2.0.10 through 2.0.1

Technology | Hughes | Mini | SQL |

Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.


Buffer overflow in the mini-browser for Winamp

mini-browser | overflow | Winamp | Buffer |

Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.


Directory traversal vulnerability in Daniel Are

vulnerability | traversal | Directory | Server | Daniel | Arenz | Mini |

Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences.


Buffer overflow in DameWare Mini Remote Control

DameWare | overflow | Control | Remote | Buffer | before | Mini |

Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.


Dameware Mini Remote Control 4.1.0.0 uses insuf

Dameware | Control | Remote | Mini |

Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing.


DameWare Mini Remote Control 3.x before 3.74 an

DameWare | Control | before | Remote | Mini |

DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.


The Mini FTP server in Novell iChain 2.2 and 2.

unauthenticated | attackers | earlier | command | obtain | allows | remote | Novell | server | iChain | full | path | Mini | PWD | via | SP2 | FTP |

The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command.


Novell iChain Mini FTP Server 2.3 displays diff

information | facilitates | attackers | different | sensitive | messages | displays | attacks | allows | remote | obtain | iChain | Server | exists | Novell | brute | which | force | error | Mini | user | FTP | not |

Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.


Novell iChain Mini FTP Server 2.3, and possibly

attackers | incorrect | possibly | versions | conduct | attacks | earlier | easier | number | remote | logins | Server | iChain | Novell | limit | force | brute | login | which | makes | does | Mini | not | FTP |

Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.


Unknown vulnerability in DameWare NT Utilities

vulnerability | additional | Utilities | DameWare | Unknown | Control | earlier | rights | allows | Remote | users | local | Mini | gain |

Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights.


Buffer overflow in dwrcs.exe in DameWare Mini R

dwrcsexe | DameWare | overflow | Control | Remote | Buffer | before | Mini |

Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username.


Google Mini Search Appliance, and possibly Goog

arbitrary | attackers | comparing | resulting | determine | Appliance | messages | possibly | modified | targets | Google | allows | closed | Search | remote | error | ports | hosts | port | open | Mini | then | URLs | scan | via |

Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.


SQL injection vulnerability in news.asp in Mini

vulnerability | injection | Mini-Nuke | newsasp | System | CMS | SQL |

SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.


membership.asp in Mini-Nuke CMS System 1.8.2 an

membershipasp | Mini-Nuke | System | CMS |

membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter.


SQL injection vulnerability in pages.asp in Min

vulnerability | injection | Mini-Nuke | pagesasp | System | CMS | SQL |

SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.


SQL injection vulnerability in Your_Account.asp

Your_Accountasp | vulnerability | attackers | arbitrary | Mini-Nuke | injection | commands | execute | earlier | allows | remote | via | SQL |

SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.


membership.asp in Mini-Nuke 2.3 and earlier use

membershipasp | plaintext | automated | attackers | Mini-Nuke | multiple | register | security | scripts | earlier | allows | remote | codes | times | which | uses | via |

membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts.


Google Mini 4.4.102.M.36 and earlier allows rem

information | sensitive | attackers | parameter | 44102M36 | message | invalid | reveals | request | /search | earlier | client | Google | allows | obtain | direct | remote | error | which | Mini | path | via |

Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.


Software vulnerabilities results 1 to 20 of 40     
Page: 123