problem software vulnerabilities
vulnerabilities.aspcode.net
Searching problem software vulnerabilities
The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (stack exhaustion and crash), possibly as a result of recursion. NOTE: the vendor could not reproduce the problem.
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.
LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application.
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool" version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.
Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors.
A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process CPU timers.
Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameters. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263).
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.
PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file inclusion problem.
The powersave daemon in SUSE Linux 10.0 before Friday, October 07, 2005 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized actions.
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. NOTE: followup posts have disputed whether this is a compiler problem or an application problem, since some of the reported expressions might be undefined in C standards.
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory.
Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field.
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.
Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.
The CUPS service on SUSE Linux before Friday, July 20, 2007 allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem.
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on Friday, August 17, 2007 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on Friday, August 17, 2007, which appears to be a site-specific problem. As of Tuesday, August 21, 2007, it is not clear whether this issue is simply a symptom of the larger sign-on problem.
Software vulnerabilities results 1 to 20 of 64