out software vulnerabilities
vulnerabilities.aspcode.net
Searching out software vulnerabilities
A network intrusion detection system (IDS) does
detection
|
intrusion
|
network
|
system
|
A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection.
Idle locking function in MacOS 9 allows local u
application
|
protection
|
selecting
|
password
|
attempts
|
sessions
|
"Cancel"
|
attacker
|
function
|
session
|
locking
|
returns
|
dialog
|
verify
|
locked
|
option
|
bypass
|
allows
|
wants
|
which
|
MacOS
|
local
|
idled
|
users
|
into
|
"Log
|
user
|
Idle
|
Out"
|
log
|
out
|
box
|
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
Xylan OmniSwitch before 3.2.6 allows remote att
OmniSwitch
|
before
|
Xylan
|
Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time.
The Red Hat Linux su program does not log faile
attackers
|
password
|
guessing
|
process
|
guesses
|
conduct
|
program
|
allows
|
before
|
killed
|
failed
|
Linux
|
which
|
local
|
force
|
brute
|
times
|
does
|
log
|
Red
|
not
|
out
|
Hat
|
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
The Check It Out shopping cart application allo
information
|
application
|
sensitive
|
purchase
|
shopping
|
modify
|
remote
|
hidden
|
fields
|
allows
|
Check
|
users
|
form
|
cart
|
via
|
Out
|
The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Small HTTP Server 2.01 allows remote attackers
Server
|
Small
|
HTTP
|
Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests.
Beck GmbH IPC@Chip TelnetD service supports onl
administrator
|
connection
|
disconnect
|
connecting
|
attackers
|
complete
|
IPC@Chip
|
supports
|
TelnetD
|
service
|
process
|
account
|
allows
|
remote
|
which
|
login
|
lock
|
GmbH
|
only
|
does
|
user
|
Beck
|
not
|
one
|
out
|
Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.
pt_chmod in Solaris 8 does not call fdetach to
privileges
|
terminals
|
modifying
|
terminal
|
pt_chmod
|
fdetach
|
Solaris
|
users'
|
allows
|
which
|
other
|
write
|
local
|
reset
|
users
|
does
|
call
|
ACL
|
TTY
|
not
|
log
|
out
|
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
The account lockout capability in Oblix NetPoin
capability
|
passwords
|
attackers
|
specified
|
guessing
|
password
|
NetPoint
|
lockout
|
conduct
|
account
|
without
|
waiting
|
earlier
|
remote
|
locked
|
easier
|
period
|
until
|
again
|
locks
|
being
|
Oblix
|
users
|
which
|
brute
|
makes
|
force
|
only
|
once
|
ends
|
then
|
out
|
The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again.
Unknown vulnerability in the hosting process (d
vulnerability
|
process
|
hosting
|
Unknown
|
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
Directory traversal vulnerability in Jon Hedley
vulnerability
|
AlienForm2
|
Directory
|
traversal
|
Hedley
|
Jon
|
Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file.
The library feature for Adobe Content Server 3.
attackers
|
customer
|
already
|
service
|
checked
|
Content
|
library
|
feature
|
remote
|
allows
|
verify
|
Server
|
denial
|
which
|
Adobe
|
cause
|
eBook
|
does
|
not
|
has
|
out
|
The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times.
The library feature for Adobe Content Server 3.
downloadasp
|
parameter
|
arbitrary
|
modified
|
attacker
|
loanMin
|
feature
|
library
|
Content
|
length
|
Server
|
allows
|
remote
|
check
|
Adobe
|
eBook
|
time
|
out
|
via
|
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp.
Unknown vulnerability in cash_out and possibly
vulnerability
|
PostgreSQL
|
functions
|
possibly
|
cash_out
|
Unknown
|
other
|
Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2).
CUPS before 1.1.19 allows remote attackers to c
before
|
CUPS
|
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
Buffer overflow in iwconfig, when installed set
environment
|
installed
|
arbitrary
|
variable
|
iwconfig
|
overflow
|
execute
|
Buffer
|
setuid
|
allows
|
users
|
local
|
long
|
code
|
via
|
OUT
|
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
NDMP server in Veritas NetBackup 5.1 allows att
out-of-range
|
dereference
|
attackers
|
NetBackup
|
timestamp
|
triggers
|
service
|
message
|
Veritas
|
allows
|
server
|
CONFIG
|
denial
|
which
|
cause
|
NDMP
|
null
|
via
|
NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference.
libungif library before 4.1.0 allows attackers
libungif
|
library
|
before
|
libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.
The stripos function in PHP before 5.1.5 has un
function
|
stripos
|
before
|
PHP
|
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
Multiple CRLF injection vulnerabilities in call
vulnerabilities
|
callbothphp
|
AsteriDex
|
arbitrary
|
attackers
|
injection
|
commands
|
Multiple
|
earlier
|
inject
|
remote
|
shell
|
allow
|
CRLF
|
via
|
Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters.
Software vulnerabilities results 1 to 20 of 148
Page:
1
2
3
4
5
...
8
►