record software vulnerabilities
vulnerabilities.aspcode.net
Searching record software vulnerabilities
SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.
UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges.
Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state.
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set.
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.
Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack.
Software vulnerabilities results 1 to 20 of 66