registered software vulnerabilities
vulnerabilities.aspcode.net
Searching registered software vulnerabilities
When a new SQL Server is registered in Enterpri
registered
|
Enterprise
|
encryption
|
Microsoft
|
password"
|
password
|
"Always
|
Manager
|
Server
|
option
|
prompt
|
login
|
store
|
uses
|
weak
|
then
|
name
|
SQL
|
new
|
not
|
set
|
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
Resin 2.1.1 allows remote attackers to cause a
Resin
|
Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.
Non-registered IRC users using (1) ircd-hybrid
Non-registered
|
users
|
using
|
IRC
|
Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued.
Directory traversal vulnerability in MyDMS 1.4.
vulnerability
|
traversal
|
Directory
|
MyDMS
|
Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.
Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier
Ultimate
|
Board
|
PHP
|
Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat.
Multiple unspecified vulnerabilities in SAPID C
vulnerabilities
|
unspecified
|
Multiple
|
before
|
SAPID
|
CMS
|
Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/authorization.xml.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module.
TinyPHPForum 3.6 and earlier stores the (1) use
TinyPHPForum
|
earlier
|
stores
|
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.
The POP3 Server in ArGoSoft Mail Server Pro 1.8
registration
|
information
|
registered
|
attackers
|
sensitive
|
operating
|
ArGoSoft
|
command
|
reveals
|
system
|
Server
|
remote
|
allows
|
obtain
|
_DUMP
|
which
|
Mail
|
user
|
POP3
|
code
|
Pro
|
via
|
The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code.
Absolute path traversal vulnerability in Easy F
vulnerability
|
traversal
|
Absolute
|
Sharing
|
File
|
path
|
Easy
|
Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.
member.php in MyBB (aka MyBulletinBoard), when
memberphp
|
MyBB
|
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
IRC Services before 5.0.62, and 5.1 before 5.1p
Services
|
before
|
IRC
|
IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered.
Argument injection vulnerability in Microsoft I
metacharacters
|
vulnerability
|
cross-browser
|
registered
|
arbitrary
|
Microsoft
|
attackers
|
scripting
|
injection
|
installed
|
Internet
|
commands
|
Explorer
|
Argument
|
execute
|
attacks
|
conduct
|
Firefox
|
certain
|
running
|
systems
|
allows
|
remote
|
shell
|
URIs
|
via
|
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of Wednesday, July 11, 2007, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
Mozilla Firefox before 2.0.0.6, Thunderbird bef
Firefox
|
Mozilla
|
before
|
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
Argument injection vulnerability in Microsoft I
metacharacters
|
CVE-2007-3670
|
vulnerability
|
cross-browser
|
navigatorurl
|
netscapeexe
|
registered
|
attackers
|
injection
|
installed
|
arbitrary
|
Microsoft
|
scripting
|
inserted
|
commands
|
Netscape
|
Explorer
|
invoking
|
Argument
|
Internet
|
-chrome
|
command
|
created
|
related
|
certain
|
conduct
|
systems
|
attacks
|
running
|
execute
|
allows
|
remote
|
shell
|
issue
|
which
|
URIs
|
into
|
line
|
via
|
URI
|
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of Friday, July 13, 2007, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
Argument injection vulnerability in Microsoft I
metacharacters
|
CVE-2007-3670
|
vulnerability
|
cross-browser
|
SeaMonkeyexe
|
registered
|
installed
|
Microsoft
|
attackers
|
scripting
|
injection
|
SeaMonkey
|
arbitrary
|
inserted
|
Argument
|
Internet
|
Explorer
|
commands
|
invoking
|
related
|
created
|
command
|
attacks
|
conduct
|
certain
|
execute
|
running
|
systems
|
remote
|
allows
|
mailto
|
shell
|
issue
|
which
|
URIs
|
into
|
line
|
via
|
URI
|
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.
Argument injection vulnerability in Mozilla Fir
vulnerability
|
injection
|
Argument
|
Firefox
|
Mozilla
|
before
|
Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670.
Argument injection vulnerability involving Mozi
metacharacters
|
CVE-2007-3670
|
cross-browser
|
vulnerability
|
unspecified
|
registered
|
attackers
|
arbitrary
|
scripting
|
involving
|
injection
|
Argument
|
commands
|
handling
|
inserted
|
invoking
|
similar
|
certain
|
conduct
|
command
|
execute
|
Mozilla
|
process
|
attacks
|
remote
|
allows
|
shell
|
which
|
issue
|
URIs
|
into
|
line
|
via
|
URI
|
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
Argument injection vulnerability involving Micr
metacharacters
|
cross-browser
|
CVE-2007-3670
|
vulnerability
|
unspecified
|
registered
|
involving
|
attackers
|
scripting
|
arbitrary
|
injection
|
Microsoft
|
handling
|
commands
|
Argument
|
invoking
|
inserted
|
command
|
similar
|
process
|
certain
|
conduct
|
Express
|
attacks
|
Outlook
|
execute
|
allows
|
remote
|
shell
|
issue
|
which
|
URIs
|
into
|
line
|
via
|
URI
|
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
The WebAdmin interface in TeamSpeak Server 2.0.
TeamSpeak
|
interface
|
WebAdmin
|
Server
|
The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd.
Software vulnerabilities results 1 to 20 of 22
Page:
1
2
►