replies software vulnerabilities
vulnerabilities.aspcode.net
Searching replies software vulnerabilities
Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message.
The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information.
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability.
Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.
Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd.
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd.
Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies.
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns.
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.
Software vulnerabilities results 1 to 20 of 20