recursive software vulnerabilities
vulnerabilities.aspcode.net
Searching recursive software vulnerabilities
Vulnerability in htmlparse.pike in Roxen Web Se
htmlparsepike
|
Vulnerability
|
Server
|
Roxen
|
Web
|
Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML.
Directory traversal vulnerability in the consol
vulnerability
|
Directory
|
traversal
|
version
|
console
|
PKZip
|
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.
The Email Sanitizer before 1.133 for Procmail a
Sanitizer
|
before
|
Email
|
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments.
BIND 4 and BIND 8, when resolving recursive DNS
arbitrary
|
attackers
|
recursive
|
poisoning
|
resolving
|
birthday
|
resource
|
conduct
|
queries
|
attack
|
number
|
record
|
allows
|
remote
|
large
|
cache
|
hosts
|
same
|
BIND
|
open
|
uses
|
DNS
|
via
|
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
The DNS resolver in unspecified versions of Fuj
unspecified
|
recursive
|
resolving
|
arbitrary
|
attackers
|
poisoning
|
versions
|
resource
|
resolver
|
birthday
|
conduct
|
queries
|
Fujitsu
|
record
|
attack
|
number
|
allows
|
remote
|
large
|
hosts
|
UXP/V
|
cache
|
same
|
open
|
uses
|
DNS
|
via
|
The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
The DNS resolver in unspecified versions of Inf
unspecified
|
recursive
|
resolving
|
arbitrary
|
attackers
|
poisoning
|
versions
|
resolver
|
resource
|
birthday
|
Infoblox
|
conduct
|
queries
|
record
|
attack
|
number
|
remote
|
allows
|
hosts
|
large
|
cache
|
open
|
same
|
uses
|
One
|
DNS
|
via
|
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
Buffer overflow in Info-Zip 2.3 and possibly ea
compression
|
containing
|
recursive
|
attackers
|
arbitrary
|
versions
|
overflow
|
pathname
|
Info-Zip
|
possibly
|
earlier
|
execute
|
folder
|
Buffer
|
remote
|
allows
|
using
|
file
|
code
|
long
|
via
|
ZIP
|
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.
The download_selection_recursive() function in
The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters.
Stack overflow in Microsoft Exchange Server 200
Microsoft
|
Exchange
|
overflow
|
Server
|
Stack
|
Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
Linux kernel before 2.6.15.5, when running on I
before
|
kernel
|
Linux
|
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."
The default configuration of ISC BIND, when con
configuration
|
information
|
delegation
|
additional
|
configured
|
attackers
|
recursive
|
arbitrary
|
addresses
|
provides
|
caching
|
service
|
default
|
queries
|
allows
|
remote
|
server
|
denial
|
cause
|
which
|
name
|
BIND
|
ISC
|
The default configuration of ISC BIND, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
The default configuration of the DNS Server ser
configuration
|
service
|
Windows
|
default
|
Server
|
DNS
|
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
Sendmail before 8.13.7 allows remote attackers
Sendmail
|
before
|
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
PHP 4.4.2 and 5.1.2 allows local users to cause
PHP
|
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1
attackers
|
service
|
allows
|
remote
|
denial
|
926-P1
|
before
|
932-P1
|
cause
|
BIND
|
93x
|
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
Race condition in recursive directory deletion
recursive
|
directory
|
condition
|
deletion
|
Race
|
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before Thursday, February 08, 2007 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.
The default access control lists (ACL) in ISC B
control
|
default
|
access
|
lists
|
The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
Software vulnerabilities results 1 to 18 of 18
Page:
1