prompting software vulnerabilities
vulnerabilities.aspcode.net
Searching prompting software vulnerabilities
Internet Explorer 3.01 on Windows 95 allows rem
Explorer
|
Internet
|
Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.
Compaq/Microcom 6000 Access Integrator does not
Compaq/Microcom
|
Compaq/Microcom 6000 Access Integrator does not cause a session timeout after prompting for a username or password, which allows remote attackers to cause a denial of service by connecting to the integrator without providing a username or password.
PowerPoint 95 and 97 allows remote attackers to
automatically
|
application
|
PowerPoint
|
prompting
|
attackers
|
Internet
|
possibly
|
document
|
browsers
|
Explorer
|
through
|
without
|
allows
|
remote
|
opened
|
cause
|
slide
|
such
|
user
|
show
|
run
|
PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.
The Microsoft Active Setup ActiveX component in
manufacturer
|
software's
|
components
|
component
|
Microsoft
|
prompting
|
attacker
|
software
|
Explorer
|
Internet
|
without
|
stating
|
ActiveX
|
install
|
remote
|
Active
|
allows
|
Setup
|
user
|
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
Cisco IOS 12.2 and earlier generates a "% Login
Cisco
|
IOS
|
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
ArGoSoft FTP before 1.4.2.1 generates an error
ArGoSoft
|
before
|
FTP
|
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.
The web interface for Lotus Notes mail automati
automatically
|
attachment
|
interface
|
processes
|
prompting
|
attackers
|
web-based
|
without
|
conduct
|
attacks
|
cookies
|
easier
|
remote
|
makes
|
which
|
steal
|
Notes
|
Lotus
|
HTML
|
mail
|
user
|
open
|
save
|
web
|
The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
Novell NetMail automatically processes HTML in
automatically
|
attachment
|
prompting
|
processes
|
attackers
|
web-based
|
attacks
|
conduct
|
NetMail
|
cookies
|
without
|
easier
|
remote
|
Novell
|
steal
|
which
|
makes
|
user
|
HTML
|
open
|
save
|
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1
OpenOfficeorg
|
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
Microsoft Internet Explorer 7, when prompting f
xn--theshmogroup-bgkcom
|
internationalized
|
Authentication
|
misinterprets
|
demonstrated
|
characters
|
displaying
|
confusable
|
attackers
|
prompting
|
Microsoft
|
Internet
|
Explorer
|
phishing
|
attacks
|
perform
|
remote
|
dialog
|
domain
|
labels
|
status
|
Basic
|
allow
|
which
|
might
|
user
|
HTTP
|
only
|
name
|
uses
|
site
|
web
|
IDN
|
ACE
|
but
|
bar
|
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
Software vulnerabilities results 1 to 11 of 11
Page:
1