one time software vulnerabilities
vulnerabilities.aspcode.net
Searching one time software vulnerabilities
There is a one-way or two-way trust relationship between Windows NT domains.
Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others.
Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time.
BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist.
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp.
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script.
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks.
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before Wednesday, March 22, 2006 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.
Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain "out of period" choices of packet transmission time.
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
Software vulnerabilities results 1 to 20 of 344