possible software vulnerabilities
vulnerabilities.aspcode.net
Searching possible software vulnerabilities
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.
Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command.
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report.
Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376.
Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability.
Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is resultant from CVE-2006-1492.
Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection.
Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter."
Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection.
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.
PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP.
SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: it is possible that there are multiple issues.
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.
Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
Software vulnerabilities results 1 to 20 of 89