providing software vulnerabilities
vulnerabilities.aspcode.net
Searching providing software vulnerabilities
Compaq/Microcom 6000 Access Integrator does not cause a session timeout after prompting for a username or password, which allows remote attackers to cause a denial of service by connecting to the integrator without providing a username or password.
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar.
The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits.
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.
Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase.
uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field.
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference.
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
Software vulnerabilities results 1 to 20 of 37