pin software vulnerabilities
vulnerabilities.aspcode.net
Searching pin software vulnerabilities
AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers.
Xircom REX 6000 allows local users to obtain the 10-digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory.
Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PINs and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts.
security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.
The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.
Software vulnerabilities results 1 to 13 of 13