non removable software vulnerabilities
vulnerabilities.aspcode.net
Searching non removable software vulnerabilities
In IIS, an attacker could determine a real path
non-existent
|
interpreted
|
determine
|
attacker
|
request
|
would
|
using
|
could
|
Perl
|
path
|
real
|
IIS
|
URL
|
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe) .
Denial of service in Linux 2.0.36 allows local
service
|
Denial
|
Linux
|
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
A Windows NT system's file audit policy does no
non-critical
|
directories
|
system's
|
failure
|
Windows
|
success
|
policy
|
audit
|
event
|
files
|
file
|
does
|
not
|
log
|
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
A Windows NT system's registry audit policy doe
non-critical
|
registry
|
system's
|
failure
|
success
|
Windows
|
policy
|
event
|
audit
|
does
|
keys
|
not
|
log
|
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
A Windows NT system does not restrict access to
removable
|
restrict
|
Windows
|
floppy
|
drives
|
access
|
system
|
CDROM
|
drive
|
media
|
does
|
disk
|
such
|
not
|
A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.
Lotus Domino HTTP server allows remote attacker
non-existent
|
attackers
|
determine
|
/cgi-bin
|
request
|
Domino
|
script
|
allows
|
remote
|
server
|
Lotus
|
real
|
HTTP
|
path
|
via
|
Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin.
IIS 4.0 allows a remote attacker to obtain the
non-existent
|
requesting
|
extensions
|
pathname
|
document
|
attacker
|
remote
|
allows
|
obtain
|
files
|
root
|
real
|
IIS
|
idq
|
ida
|
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
The on-line help system options in Cisco router
non-privileged
|
information
|
sensitive
|
"enabled"
|
without
|
routers
|
command
|
options
|
on-line
|
access
|
obtain
|
system
|
allows
|
Cisco
|
users
|
show
|
help
|
via
|
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
tstisapi.dll in Pi3Web 1.0.1 web server allows
tstisapidll
|
Pi3Web
|
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
Microsoft Internet Explorer 4.0 through 6.0 cou
non-alphanumeric
|
differentiate
|
alphanumeric
|
brute-force
|
characters
|
Microsoft
|
password
|
Explorer
|
Internet
|
guessing
|
pressing
|
certain
|
control
|
conduct
|
between
|
through
|
attack
|
easier
|
which
|
makes
|
users
|
could
|
allow
|
local
|
used
|
keys
|
jump
|
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4
non-standard
|
non-Windows
|
filtering
|
ZoneAlarm
|
adapters
|
protocol
|
through
|
packets
|
created
|
bypass
|
allows
|
users
|
local
|
via
|
Pro
|
TCP
|
ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
Tiny Personal Firewall 1.0 and 2.0 allows local
non-standard
|
non-Windows
|
filtering
|
Personal
|
Firewall
|
adapters
|
protocol
|
packets
|
created
|
bypass
|
allows
|
local
|
users
|
Tiny
|
via
|
TCP
|
Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
The GetPassword function in function.php of Sit
functionphp
|
GetPassword
|
SiteNews
|
function
|
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
Resin 2.1.1 allows remote attackers to cause a
Resin
|
Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources.
direntry.c in Midnight Commander (mc) 4.5.55 an
Commander
|
direntryc
|
Midnight
|
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
The Admin Access With Levels plugin in osCommer
osCommerce
|
plugin
|
Levels
|
Access
|
Admin
|
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
Gaim before 1.3.1 allows remote attackers to ca
before
|
Gaim
|
Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.
forum_post.php in e107 0.6 allows remote attack
forum_postphp
|
non-existent
|
attackers
|
modifying
|
forums
|
number
|
allows
|
remote
|
forum
|
e107
|
post
|
forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
Spb Kiosk Engine 1.0.0.1 allows local users to
Engine
|
Kiosk
|
Spb
|
Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file.
F-Secure Anti-Virus 2003 through 2006 and other
Anti-Virus
|
F-Secure
|
F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls.
Software vulnerabilities results 1 to 20 of 169
Page:
1
2
3
4
5
...
9
►