protect software vulnerabilities
vulnerabilities.aspcode.net
Searching protect software vulnerabilities
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message.
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, and (4) users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.
ZPanel 2.0 and 2.5 beta 10 do not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php.
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.
Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.
Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php.
Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows local users to cause a denial of service.
Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection.
Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user.
Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow them to be shared when they are not protected by PRIVATEDATADIR in nodezilla.ini, which allows remote attackers to obtain sensitive information.
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories.
Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this.
ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.
include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.
Software vulnerabilities results 1 to 20 of 40