prompt software vulnerabilities
vulnerabilities.aspcode.net
Searching prompt software vulnerabilities
Xyplex terminal server 6.0.1S1, and possibly ot
attackers
|
versions
|
entering
|
password
|
possibly
|
terminal
|
bypass
|
Xyplex
|
prompt
|
server
|
allows
|
remote
|
other
|
601S1
|
Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark).
US Robotics/3Com Total Control Chassis with Fra
Robotics/3Com
|
Chassis
|
between
|
Control
|
Total
|
Relay
|
Frame
|
US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt.
Macromedia "The Matrix" screen saver on Windows
protected"
|
Macromedia
|
attackers
|
"Password
|
physical
|
pressing
|
password
|
enabled
|
machine
|
Windows
|
Matrix"
|
screen
|
bypass
|
prompt
|
allows
|
option
|
access
|
saver
|
"The
|
ESC
|
Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key.
Xylan OmniSwitch before 3.2.6 allows remote att
OmniSwitch
|
before
|
Xylan
|
Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time.
When a new SQL Server is registered in Enterpri
registered
|
Enterprise
|
encryption
|
Microsoft
|
password"
|
password
|
"Always
|
Manager
|
Server
|
option
|
prompt
|
login
|
store
|
uses
|
weak
|
then
|
name
|
SQL
|
new
|
not
|
set
|
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
MDaemon Pro 3.5.1 and earlier allows local user
MDaemon
|
Pro
|
MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key.
Internet Explorer 5.50.4134.0100 on Windows ME
Explorer
|
Internet
|
Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.
Windows 2000 and Windows NT allows local users
Windows
|
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
WorkforceROI Xpede 4.1 allows remote attackers
/admin/adminprocasp
|
administrator
|
WorkforceROI
|
privileges
|
attackers
|
password
|
request
|
script
|
prompt
|
direct
|
remote
|
allows
|
Xpede
|
which
|
HTTP
|
does
|
gain
|
via
|
not
|
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password.
Emacs 21.2.1 does not prompt or warn the user b
Emacs
|
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
Internet Explorer on Windows XP does not proper
security-sensitive
|
configuration
|
inconsistent
|
operations
|
"Disable"
|
"Prompt"
|
Explorer
|
Internet
|
properly
|
intended
|
setting
|
Windows
|
enable
|
modify
|
files"
|
user's
|
"Drag
|
which
|
paste
|
user
|
does
|
Drop
|
copy
|
sets
|
may
|
not
|
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
Firefox before 1.0 does not properly distinguis
user-generated
|
distinguish
|
Javascript
|
synthetic
|
attackers
|
Alt-click
|
download
|
properly
|
feature
|
Firefox
|
between
|
prompt
|
bypass
|
remote
|
events
|
before
|
allows
|
click
|
which
|
uses
|
does
|
user
|
file
|
use
|
not
|
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
Firefox before 1.0.1 and Mozilla before 1.7.6,
Firefox
|
before
|
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
Bay Technical Associates RPC-3 Telnet Host 3.05
Associates
|
Technical
|
Telnet
|
RPC-3
|
Host
|
Bay
|
Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt.
Acrowave AAP-3100AR wireless router allows remo
authentication
|
AAP-3100AR
|
attackers
|
pressing
|
password
|
username
|
Acrowave
|
wireless
|
restart
|
session
|
bypass
|
telnet
|
remote
|
causes
|
CTRL-C
|
router
|
prompt
|
allows
|
leave
|
crash
|
which
|
shell
|
user
|
then
|
new
|
Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell.
Stack-based buffer overflow in ppp in SCO Unixw
Stack-based
|
Unixware
|
overflow
|
buffer
|
SCO
|
ppp
|
Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command.
** DISPUTED ** GNU screen 4.0.3 allows local u
DISPUTED
|
screen
|
GNU
|
** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
Buffer overflow in backup/src/vmsbackup.c (aka
backup/src/vmsbackupc
|
overflow
|
Buffer
|
Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in FreeVMS before 0.3.6 might allow local users to gain privileges via a long string in response to an "extract [ny]" prompt.
Mail in Apple iPhone 1.1.1 allows remote user-a
iPhone
|
Apple
|
Mail
|
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.
Apple Safari for Windows 3.0.3 and earlier does
Windows
|
Safari
|
Apple
|
Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content.
Software vulnerabilities results 1 to 20 of 34
Page:
1
2
►