older software vulnerabilities
vulnerabilities.aspcode.net
Searching older software vulnerabilities
Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function.
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown.
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison.
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of Friday, May 12, 2006, CVE has not formally investigated this dispute.
Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game.
** DISPUTED ** PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected.
The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of Tuesday, February 13, 2007, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.
ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.
PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter.
Software vulnerabilities results 1 to 16 of 16