Searching public software vulnerabilities

vacm ucd-snmp SNMP server, version 3.52, does n

ucd-snmp | version | server | vacm | SNMP |

vacm ucd-snmp SNMP server, version 3.52, does not properly disable access to the public community string, which could allow remote attackers to obtain sensitive information.


pgp4pine Pine/PGP interface version 1.75-6 does

interface | obtaining | properly | Pine/PGP | pgp4pine | Privacy | expired | version | public | Guard | check | 175-6 | does | keys | Gnu | via | see | not | has | key |

pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.


Borderware Firewall Server 6.1.2 allows remote

Borderware | Firewall | Server |

Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network.


CITRIX Metaframe 1.8 logs the Client Address (I

Metaframe | Address | Client | CITRIX | logs |

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).


D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless

DWL-1000AP | Firmware | D-Link |

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.


Nortel CVX 1800 is installed with a default "pu

Nortel | CVX |

Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration.


The Microsoft Java implementation, as used in I

implementation | Microsoft | Internet | Explorer | provides | public | Java | used |

The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.


Cisco ONS15454 and ONS15327 running ONS before

information | community | attackers | sensitive | ONS15327 | "public" | ONS15454 | running | changed | allows | obtain | remote | string | before | cannot | Cisco | which | SNMP | uses | ONS |

Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.


SQL injection vulnerability in the "public mess

vulnerability | capability | injection | message" | "public | SQL |

SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers obtain the administrator password via the c_mid parameter.


Spider Sales shopping cart stores the private k

shopping | database | private | decrypt | allows | Spider | public | stores | access | users | local | which | Sales | table | cart | same | data | key |

Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.


The BT Voyager 2000 Wireless ADSL Router has a

Voyager |

The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in plaintext.


Unknown vulnerability in Drupal 4.5.0 through 4

vulnerability | Unknown | Drupal |

Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting.


PhpList allows remote attackers to obtain sensi

information | attackers | sensitive | PhpList | request | direct | remote | allows | obtain | via |

PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message.


Mantis 1.0.0rc3 and earlier discloses private b

information | discloses | sensitive | attackers | private | earlier | obtain | allows | remote | 100rc3 | Mantis | public | feeds | which | bugs | via | RSS |

Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.


Cross-site scripting (XSS) vulnerability in Pub

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.


OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8

OpenSSL |

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.


Intoto iGateway VPN and iGateway SSL-VPN allow

context-dependent | attackers | iGateway | SSL-VPN | service | Intoto | denial | cause | allow | VPN |

Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940.


Multiple SQL injection vulnerabilities in All I

vulnerabilities | injection | Multiple | Control | Panel | One | SQL | All |

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.


All In One Control Panel (AIOCP) 1.3.007 and ea

Control | Panel | All | One |

All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.


PHP remote file inclusion vulnerability in News

NewsCMS/news/newstopic_incphp | vulnerability | inclusion | Country | Manager | Public | remote | Media | Radio | North | file | PHP |

PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter.


Software vulnerabilities results 1 to 20 of 89     
Page: 12345