receiving software vulnerabilities
vulnerabilities.aspcode.net
Searching receiving software vulnerabilities
The POP3 server in FTGate returns an -ERR code
usernames
|
receiving
|
attackers
|
determine
|
guessing
|
password
|
conduct
|
request
|
invalid
|
returns
|
remote
|
easier
|
FTGate
|
server
|
brute
|
force
|
valid
|
after
|
which
|
makes
|
-ERR
|
POP3
|
USER
|
code
|
The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing.
Win32k.sys (aka Graphics Device Interface (GDI)
Win32ksys
|
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
Remote PC Access Server 2.2 allows remote attac
attackers
|
service
|
denial
|
allows
|
Access
|
Remote
|
Server
|
cause
|
Remote PC Access Server 2.2 allows remote attackers to cause a denial of service (crash) by receiving packets from the server and sending them back to the server.
Bugzilla 2.17.1 through 2.18rc2 and 2.19 from c
Bugzilla
|
Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails.
The Apache HTTP server before 1.3.34, and 2.0.x
server
|
before
|
Apache
|
HTTP
|
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Microsoft IIS 5.0 and 6.0 allows remote attacke
application
|
protection
|
attackers
|
Microsoft
|
firewall
|
request
|
attacks
|
conduct
|
allows
|
remote
|
poison
|
bypass
|
cache
|
HTTP
|
both
|
via
|
web
|
IIS
|
XSS
|
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4
Jakarta
|
Tomcat
|
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
IBM WebSphere 5.1 and WebSphere 5.0 allows remo
application
|
protection
|
attackers
|
WebSphere
|
firewall
|
conduct
|
request
|
attacks
|
remote
|
allows
|
bypass
|
poison
|
cache
|
both
|
HTTP
|
via
|
web
|
IBM
|
XSS
|
IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
BEA Systems WebLogic 8.1 SP1 allows remote atta
application
|
protection
|
attackers
|
firewall
|
WebLogic
|
Systems
|
request
|
conduct
|
attacks
|
bypass
|
remote
|
allows
|
poison
|
cache
|
HTTP
|
both
|
BEA
|
via
|
web
|
XSS
|
SP1
|
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Oracle 9i Application Server (Oracle9iAS) 9.0.2
Application
|
Server
|
Oracle
|
Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Sun SunONE web server 6.1 SP1 allows remote att
application
|
protection
|
attackers
|
firewall
|
conduct
|
request
|
attacks
|
bypass
|
poison
|
SunONE
|
server
|
allows
|
remote
|
cache
|
HTTP
|
both
|
Sun
|
via
|
SP1
|
web
|
XSS
|
Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
SQL injection vulnerability in Hitachi Business
vulnerability
|
unspecified
|
receiving
|
Container
|
attackers
|
injection
|
arbitrary
|
03-00-/B
|
commands
|
extended
|
function
|
Business
|
through
|
execute
|
Hitachi
|
vectors
|
Windows
|
allows
|
remote
|
02-03
|
Logic
|
03-00
|
Linux
|
SQL
|
box
|
via
|
SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function.
Cross-site scripting (XSS) vulnerability in Hit
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function.
The ip_push_pending_frames function in Linux 2.
ip_push_pending_frames
|
function
|
before
|
Linux
|
26x
|
24x
|
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.
Cross-site scripting (XSS) vulnerability in gen
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter).
The Perforce client does not restrict the set o
overwrites
|
arbitrary
|
overwrite
|
attackers
|
receiving
|
modifying
|
operating
|
malicious
|
restrict
|
Perforce
|
request
|
remote
|
config
|
allows
|
server
|
client
|
files
|
which
|
file
|
does
|
upon
|
set
|
not
|
The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.
The Adobe Macromedia Flash 9 plug-in allows rem
Macromedia
|
attackers
|
arbitrary
|
establish
|
sessions
|
plug-in
|
machine
|
victim
|
allows
|
remote
|
hosts
|
Flash
|
Adobe
|
cause
|
via
|
TCP
|
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
Software vulnerabilities results 1 to 18 of 18
Page:
1