products software vulnerabilities
vulnerabilities.aspcode.net
Searching products software vulnerabilities
Buffer overflow in Adobe Acrobat 4.05, Reader,
overflow
|
Acrobat
|
Buffer
|
Adobe
|
Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.
Buffer overflow in cpqlogin.htm in web-enabled
cpqloginhtm
|
web-enabled
|
management
|
attackers
|
arbitrary
|
software
|
products
|
commands
|
overflow
|
Manager
|
execute
|
Insight
|
various
|
agents
|
Buffer
|
Compaq
|
allows
|
remote
|
long
|
user
|
such
|
name
|
via
|
Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
Palm OS 3.5h and possibly other versions, as us
Handspring
|
attackers
|
versions
|
products
|
possibly
|
connect
|
service
|
denial
|
allows
|
remote
|
Xircom
|
cause
|
other
|
Visor
|
scan
|
Palm
|
used
|
nmap
|
35h
|
via
|
TCP
|
Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap.
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.
Bugzilla
|
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.
Multi-Tech ProxyServer products MTPSR1-100, MTP
administrative
|
MTPSR1-202ST
|
ProxyServer
|
MTPSR2-201
|
MTPSR3-200
|
privileges
|
Multi-Tech
|
MTPSR1-120
|
MTPSR1-100
|
attackers
|
password
|
products
|
Telnet
|
remote
|
allows
|
which
|
HTTP
|
gain
|
null
|
ship
|
via
|
Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, MTPSR2-201, and MTPSR3-200 ship with a null password, which allows remote attackers to gain administrative privileges via Telnet or HTTP.
The web-based administration capability for var
admin/adminshtml
|
administration
|
configuration
|
restrictions
|
capability
|
containing
|
attackers
|
web-based
|
products
|
request
|
Network
|
leading
|
various
|
modify
|
Camera
|
bypass
|
remote
|
access
|
allows
|
Axis
|
HTTP
|
via
|
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
Venturi Client before 2.2, as used in certain F
protocols
|
including
|
Fourelle
|
Wireless
|
products
|
spammers
|
various
|
Venturi
|
certain
|
Client
|
abused
|
before
|
allows
|
which
|
relay
|
proxy
|
used
|
open
|
SMTP
|
can
|
Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.
Multiple content security gateway and antivirus
restrictions
|
differently
|
interpreted
|
antivirus
|
attackers
|
Multiple
|
messages
|
products
|
security
|
content
|
gateway
|
clients
|
fields
|
bypass
|
remote
|
which
|
allow
|
name
|
MIME
|
mail
|
same
|
via
|
use
|
may
|
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use multiple MIME fields with the same name, which may be interpreted differently by mail clients.
Multiple content security gateway and antivirus
restrictions
|
differently
|
interpreted
|
whitespace
|
attackers
|
antivirus
|
Multiple
|
messages
|
products
|
security
|
unusual
|
gateway
|
content
|
fashion
|
clients
|
bypass
|
remote
|
which
|
allow
|
MIME
|
mail
|
via
|
use
|
may
|
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients.
describecomponents.cgi in Bugzilla 2.17.3 and 2
describecomponentscgi
|
Bugzilla
|
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
The Session Initiation Protocol (SIP) implement
Initiation
|
Protocol
|
Session
|
The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
Multiple content security gateway and antivirus
restrictions
|
differently
|
interpreted
|
attackers
|
antivirus
|
encoding
|
Multiple
|
messages
|
products
|
security
|
content
|
RFC2047
|
gateway
|
clients
|
fields
|
bypass
|
remote
|
which
|
allow
|
MIME
|
mail
|
via
|
use
|
may
|
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients.
FUDForum 2.6.15 with "Tree View" enabled, as us
FUDForum
|
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.
Buffer overflow in the LZX decompression in CHM
decompression
|
overflow
|
Buffer
|
Lib
|
CHM
|
LZX
|
Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.
Unspecified vulnerability in Hitachi JP1 produc
vulnerability
|
Unspecified
|
attackers
|
products
|
Hitachi
|
service
|
remote
|
denial
|
cause
|
allow
|
JP1
|
Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data.
A third-party installer generation tool, possib
bitrock_installerlog
|
InstallBuilder
|
third-party
|
Process-one
|
generation
|
generates
|
including
|
installer
|
temporary
|
ejabberd
|
possibly
|
products
|
service
|
symlink
|
BitRock
|
earlier
|
denial
|
attack
|
allows
|
111_1
|
users
|
local
|
cause
|
tool
|
file
|
used
|
via
|
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.
The RSA Crypto-C before 6.3.1 and Cert-C before
Crypto-C
|
before
|
RSA
|
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.
Stack-based buffer overflow in the Message Queu
Stack-based
|
overflow
|
Queuing
|
Message
|
Server
|
buffer
|
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
Heap-based buffer overflow in the Decomposer co
Decomposer
|
Heap-based
|
component
|
attackers
|
arbitrary
|
products
|
Symantec
|
overflow
|
archives
|
multiple
|
execute
|
crafted
|
buffer
|
allows
|
remote
|
code
|
CAB
|
via
|
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
Software vulnerabilities results 1 to 20 of 321
Page:
1
2
3
4
5
...
17
►