records software vulnerabilities
vulnerabilities.aspcode.net
Searching records software vulnerabilities
Excite for Web Servers (EWS) 1.1 records the fi
Servers
|
Excite
|
Web
|
Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack.
ProFTPd 1.2 compiled with the mod_sqlpw module
privileges
|
passwords
|
mod_sqlpw
|
compiled
|
reading
|
command
|
ProFTPd
|
records
|
allows
|
obtain
|
module
|
users
|
local
|
which
|
wtmp
|
last
|
user
|
file
|
gain
|
log
|
via
|
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
oidldapd 2.1.1.1 in Oracle 8.1.7 records log fi
oidldapd
|
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
Ipswitch IMail 7.04 and earlier records the phy
Ipswitch
|
IMail
|
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
iptables-save in iptables before 1.2.4 records
iptables-save
|
iptables
|
before
|
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
The execve system call in Linux 2.4.x records t
descriptors
|
executable
|
descriptor
|
restricted
|
process
|
calling
|
records
|
system
|
execve
|
allows
|
access
|
users
|
local
|
Linux
|
table
|
which
|
call
|
read
|
file
|
gain
|
24x
|
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
ScriptLogic 4.01, and possibly other versions b
ScriptLogic
|
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code.
CUPS 1.1.20 and earlier records authentication
CUPS
|
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
The DNS proxy (DNSd) for multiple Symantec Gate
proxy
|
DNS
|
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.
Post.pl in YaBB 1 Gold SP 1.2 allows remote att
characters
|
attackers
|
carriage
|
subject
|
records
|
board's
|
return
|
Postpl
|
allows
|
modify
|
remote
|
field
|
YaBB
|
file
|
Gold
|
txt
|
via
|
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
SQL injection vulnerability in phpMyFAQ 1.4 and
vulnerability
|
injection
|
attackers
|
database
|
username
|
messages
|
phpMyFAQ
|
records
|
remote
|
allows
|
field
|
forum
|
add
|
SQL
|
via
|
FAQ
|
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
spf.c in Courier Mail Server does not properly
Framework
|
properly
|
failures
|
Courier
|
looking
|
Policy
|
Sender
|
handle
|
Server
|
does
|
Mail
|
spfc
|
not
|
DNS
|
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
Kayako liveResponse 2.x, when logging in a user
liveResponse
|
privileges
|
plaintext
|
attackers
|
possibly
|
password
|
logging
|
records
|
Kayako
|
allows
|
remote
|
users
|
which
|
local
|
gain
|
user
|
URL
|
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges.
Heap-based buffer overflow in Kaspersky Antivir
Heap-based
|
Kaspersky
|
Antivirus
|
overflow
|
buffer
|
Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to execute arbitrary code via a CAB file with large records after the header.
Multiple buffer overflows in IPUpdate 1.1 might
overflows
|
arbitrary
|
attackers
|
IPUpdate
|
Multiple
|
execute
|
buffer
|
might
|
allow
|
code
|
via
|
Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records.
IBM WebSphere Application Server 5.0.2 and earl
Application
|
WebSphere
|
Server
|
IBM
|
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.
register.php in Ultimate PHP Board (UPB) 1.9.6
registerphp
|
Ultimate
|
Board
|
PHP
|
register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records.
setcookie.php for the administration login in P
administration
|
administrator
|
Professional
|
setcookiephp
|
Guestbook
|
attackers
|
obtaining
|
guessing
|
password
|
conduct
|
records
|
attacks
|
allows
|
cookie
|
brute
|
force
|
login
|
which
|
after
|
Tools
|
hash
|
Page
|
Home
|
setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash.
SMTP service in MailEnable Standard, Profession
Professional
|
MailEnable
|
Enterprise
|
ME-10014
|
Standard
|
service
|
before
|
SMTP
|
SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (Monday, September 04, 2006) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception.
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2
Microsoft
|
Excel
|
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
Software vulnerabilities results 1 to 20 of 43
Page:
1
2
3
►