non gssapi software vulnerabilities
vulnerabilities.aspcode.net
Searching non gssapi software vulnerabilities
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin.
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
The on-line help system options in Cisco routers allow non-privileged users without "enabled" access to obtain sensitive information via the show command.
Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allow local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources.
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
Software vulnerabilities results 1 to 20 of 170