Searching names software vulnerabilities

Eudora 4.1 allows remote attackers to perform a

attachments | attackers | perform | sending | service | denial | Eudora | allows | remote | names | file | long |

Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names.


Buffer overflow in Linux autofs module through

directory | overflow | perform | through | service | allows | denial | Buffer | module | autofs | Linux | users | names | local | long |

Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.


Falcon web server allows remote attackers to de

attackers | determine | absolute | Falcon | server | allows | remote | names | long | file | path | root | web | via |

Falcon web server allows remote attackers to determine the absolute path of the web root via long file names.


ssh 2.0.12, and possibly other versions, allows

ssh |

ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.


Netware Enterprise Web Server 5.1 running Group

Enterprise | WebAccess | GroupWise | Directory | Services | Netware | running | Novell | Server | Web |

Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.


vWebServer 1.2.0 allows remote attackers to cau

vWebServer |

vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.


CesarFTP 0.99g stores user names and passwords

settingsini | privileges | passwords | plaintext | CesarFTP | stores | could | local | allow | which | names | users | gain | 099g | user | file |

CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges.


IBM Net.Data allows remote attackers to obtain

information | attackers | sensitive | passwords | possibly | causing | NetData | remote | server | allows | obtain | names | user | such | path | IBM |

IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form.


Utempter allows device names that contain .. (d

Utempter | contain | device | allows | names |

Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.


Sophos Small Business Suite 1.00 on Windows doe

Business | Sophos | Suite | Small |

Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.


Nettica Corporation INTELLIPEER Email Server 1.

INTELLIPEER | Corporation | Nettica | Server | Email |

Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names.


Netenberg Fantastico De Luxe 2.8 uses database

world-readable | /var/lib/mysql | permissions | associated | Fantastico | usernames | determine | Netenberg | database | assigned | attacks | conduct | reading | contain | cPanel | allows | force | brute | which | names | local | valid | users | Luxe | uses | file |

Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.


Directory traversal vulnerability in Microsoft

vulnerability | attackers | sequences | overwrite | Microsoft | traversal | Directory | archive | cabarc | remote | allows | names | files | file | CAB | via | "/" |

Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.


Certain Perl scripts in Konversation 0.15 allow

Konversation | scripts | Certain | Perl |

Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC sripts.


The International Domain Name (IDN) support in

International | Domain | Name |

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.


The International Domain Name (IDN) support in

International | Domain | Name |

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.


The International Domain Name (IDN) support in

International | Domain | Name |

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.


PHP-Post allows remote attackers to spoof the n

hex-encoded | registering | characters | containing | attackers | username | PHP-Post | remote | allows | names | spoof | users | other |

PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.


Unknown vulnerability in "the function used to

vulnerability | Serendipity | path-names | uploading | function | validate | Unknown | impact | before | media" | used | "the | has |

Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.


slocate 3.1 does not properly manage database e

directories | protected | properly | database | entries | specify | slocate | private | allows | manage | obtain | users | local | names | files | which | does | not |

slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.


Software vulnerabilities results 1 to 20 of 200     
Page: 12345...11