provided software vulnerabilities

Searching provided software vulnerabilities

rsh daemon (rshd) generates different error mes

rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system.

The shopping cart application provided with Fil

The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.

CITRIX Metaframe 1.8 logs the Client Address (I

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).

qpopper 4.01 with PAM based authentication on R

qpopper |

qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.

The challenge-response authentication of the EX

The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.

AmTote International homebet program returns di

AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.

graph.php in Ganglia PHP RRD Web Client 1.0.2 a

graphphp | Ganglia | Client | Web | PHP | RRD |

graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function.

The LDAP name service (nsd) in IRIX 6.5.19 and

service | name | LDAP |

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

Partition Manager (parmgr) in HP-UX B.11.23 doe

Partition | Manager |

Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.

cpr (libcpr) in SGI IRIX before 6.5.25 allows l

cpr |

cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain privileges by loading a user provided library while restarting the checkpointed process.

Format string vulnerability in the msg function

Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.

Format string vulnerability in OllyDbg 1.10 all

vulnerability | OllyDbg | Format | string |

Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.

NcFTP client 3.1.6 and 3.1.7, when the username

client | NcFTP |

NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.

BNC 2.9.0 only grants access when an incorrect

BNC |

BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users.

The Quick Connection dialog in Konversation 0.1

Konversation | Connection | dialog | Quick |

The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.

xmb.php in XMB Forum 1.9.1 extracts and defines

xmbphp | Forum | XMB |

xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].

OpenSSH 4.0, and other versions before 4.2, doe

OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

Firefox 1.0.6 and Mozilla 1.7.10 allows attacke

Firefox |

Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.

check.php in Hinton Design phphd 1.0 does not c

check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication.

SCTP in Linux kernel before 2.6.16.17 allows re

kernel | before | Linux | SCTP |

SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.

Software vulnerabilities results 1 to 20 of 61

Page: 12 3 4 ►

provided software vulnerabilities

vulnerabilities.aspcode.net

Searching provided software vulnerabilities