Searching new software vulnerabilities


Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.


Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.


SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated.


Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.


wMCam server 2.1.348 allows remote attackers to cause a denial of service (no new connections) via multiple malformed HTTP requests without the GET command.


The JavaScript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a large size value, then writing into that array.


Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.


Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new".


kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.


Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php.


settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.


create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.


SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php.


register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations.


Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.


MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.


Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name parameter.


Till Gerken phpPolls 1.0.3 allows remote attackers to create a new poll via a direct request to phpPollAdmin.php3 with the poll_action parameter set to create.


index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID.


SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.


Software vulnerabilities results 1 to 20 of 213