over software vulnerabilities
vulnerabilities.aspcode.net
Searching over software vulnerabilities
Certain programs in HP-UX 10.20 do not properly
programs
|
Certain
|
HP-UX
|
Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.
netstation.navio-com.rte 1.1.0.1 configuration
netstationnavio-comrte
|
netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable.
Transparent Network Substrate (TNS) over Net8 (
Transparent
|
Substrate
|
Network
|
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.
Pingtel xpressa SIP-based voice-over-IP phone 1
voice-over-IP
|
SIP-based
|
Pingtel
|
xpressa
|
phone
|
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.
Pingtel xpressa SIP-based voice-over-IP phone 1
voice-over-IP
|
SIP-based
|
Pingtel
|
xpressa
|
phone
|
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.
Unknown vulnerability in the ARP component for
vulnerability
|
component
|
attackers
|
destined
|
packets
|
another
|
service
|
Unknown
|
remote
|
denial
|
allows
|
Tru64
|
cause
|
host"
|
"take
|
UNIX
|
over
|
ARP
|
50a
|
40g
|
40f
|
Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service.
Cisco VPN 3000 series concentrators and Cisco V
Cisco
|
VPN
|
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
The rotatelogs program on Apache before 1.3.28,
rotatelogs
|
program
|
before
|
Apache
|
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
The built-in web servers for multiple networkin
networking
|
attribute
|
sensitive
|
plaintext
|
sessions
|
multiple
|
built-in
|
servers
|
cookies
|
devices
|
session
|
Secure
|
server
|
cause
|
agent
|
those
|
which
|
HTTPS
|
could
|
over
|
same
|
HTTP
|
user
|
send
|
not
|
web
|
set
|
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.
KDE Konqueror does not prevent cookies that are
Konqueror
|
insecure
|
cookies
|
channel
|
prevent
|
over
|
does
|
sent
|
KDE
|
not
|
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Mozilla does not prevent cookies that are sent
insecure
|
cookies
|
channel
|
prevent
|
Mozilla
|
does
|
over
|
sent
|
not
|
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Opera does not prevent cookies that are sent ov
insecure
|
cookies
|
channel
|
prevent
|
Opera
|
does
|
over
|
sent
|
not
|
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Cisco 7940/7960 Voice over IP (VoIP) phones do
7940/7960
|
Voice
|
Cisco
|
over
|
Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
fusermount in FUSE before 2.4.1, if installed s
fusermount
|
before
|
FUSE
|
fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.
SmcGui.exe in Sygate Protection Agent 5.0 build
Protection
|
SmcGuiexe
|
Sygate
|
build
|
Agent
|
SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch.
Tamarack MMSd before 7.992 allows remote attack
Tamarack
|
before
|
MMSd
|
Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets.
Unspecified vulnerability in the HTTP proxy in
BorderManager
|
vulnerability
|
Unspecified
|
attackers
|
earlier
|
service
|
remote
|
denial
|
Novell
|
allows
|
cause
|
proxy
|
HTTP
|
Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1".
Microsoft Windows 2000 SP4 does not properly va
Microsoft
|
Windows
|
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
The leetnet functions (leetnet/rudp.cpp) in Out
functions
|
leetnet
|
The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read.
Unspecified vulnerability in IP over DNS is now
vulnerability
|
Unspecified
|
easy
|
over
|
now
|
DNS
|
Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."
Software vulnerabilities results 1 to 20 of 84
Page:
1
2
3
4
5
►