option software vulnerabilities
vulnerabilities.aspcode.net
Searching option software vulnerabilities
Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option.
Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox.
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option.
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.
TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.
The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.
The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.
Software vulnerabilities results 1 to 20 of 273