require software vulnerabilities
vulnerabilities.aspcode.net
Searching require software vulnerabilities
An attacker can force a printer to print arbitr
arbitrary
|
documents
|
attacker
|
printer
|
force
|
print
|
can
|
An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.
daynad program in Intel InBusiness E-mail Stati
authentication
|
configuration
|
InBusiness
|
attackers
|
Station
|
program
|
require
|
remote
|
allows
|
modify
|
daynad
|
E-mail
|
delete
|
files
|
Intel
|
which
|
read
|
mail
|
does
|
its
|
not
|
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.
The Alabanza Control Panel does not require pas
administrative
|
nsManagercgi
|
information
|
passwords
|
attackers
|
Alabanza
|
commands
|
program
|
Control
|
require
|
remote
|
modify
|
access
|
domain
|
allows
|
Panel
|
which
|
does
|
name
|
CGI
|
not
|
via
|
The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program.
Tektronix PhaserLink 850 does not require authe
PhaserLink
|
Tektronix
|
Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages.
The web administration server for ELSA Lancom 1
administration
|
Lancom
|
server
|
ELSA
|
web
|
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
Telnet proxy in Avirt Gateway Suite 4.2 does no
authentication
|
connecting
|
arbitrary
|
attackers
|
contents
|
commands
|
require
|
command
|
Gateway
|
execute
|
allows
|
Telnet
|
remote
|
system
|
itself
|
"dos"
|
which
|
Suite
|
proxy
|
Avirt
|
does
|
file
|
list
|
not
|
via
|
Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command.
The default configuration of Arescom NetDSL 800
configuration
|
Arescom
|
default
|
NetDSL
|
The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router.
Phorum 3.3.2 allows remote attackers to determi
Phorum
|
Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication.
Pingtel xpressa SIP-based voice-over-IP phone 1
voice-over-IP
|
SIP-based
|
Pingtel
|
xpressa
|
phone
|
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.
savesettings.php in phpGB 1.20 and earlier does
savesettingsphp
|
phpGB
|
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
The FTP service in Zaurus PDAs SL-5000D and SL-
authentication
|
attackers
|
SL-5000D
|
SL-5500
|
require
|
service
|
allows
|
remote
|
system
|
access
|
Zaurus
|
which
|
does
|
file
|
root
|
PDAs
|
not
|
FTP
|
The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.
Extproc in Oracle 9i and 10g does not require a
authentication
|
arbitrary
|
function
|
commands
|
library
|
execute
|
Extproc
|
require
|
allows
|
Oracle
|
local
|
users
|
which
|
load
|
user
|
does
|
10g
|
not
|
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
The control panel in ASP Calendar does not requ
authentication
|
unauthorized
|
attackers
|
Calendar
|
require
|
control
|
request
|
mainasp
|
allows
|
remote
|
direct
|
access
|
panel
|
which
|
does
|
gain
|
ASP
|
not
|
via
|
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.
The default installation of Cisco IBM Director
authentication
|
administrator
|
installation
|
privileges
|
connecting
|
attackers
|
Director
|
default
|
require
|
allows
|
remote
|
agent
|
Cisco
|
which
|
port
|
does
|
gain
|
TCP
|
not
|
IBM
|
The default installation of Cisco IBM Director agent does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
The remote upgrade capability in HP LaserJet 42
capability
|
LaserJet
|
upgrade
|
remote
|
The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.
phpstatus 1.0 does not require passwords when u
authentication
|
passwords
|
attackers
|
phpstatus
|
identify
|
require
|
cookies
|
allows
|
remote
|
bypass
|
using
|
which
|
does
|
user
|
not
|
phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.
The Dell Openmanage CD launches X11 and SSH dae
authentication
|
Openmanage
|
privileges
|
attackers
|
launches
|
require
|
daemons
|
allows
|
remote
|
which
|
gain
|
Dell
|
X11
|
SSH
|
not
|
The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges.
MOHA Chat 0.1b7 and earlier does not require au
authentication
|
vectors
|
require
|
unknown
|
earlier
|
attack
|
impact
|
which
|
does
|
MOHA
|
Chat
|
01b7
|
plug
|
use
|
not
|
has
|
API
|
MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.
admin/ajoutaut.php in JBlog 1.0 does not requir
admin/ajoutautphp
|
authentication
|
parameters
|
attackers
|
arbitrary
|
modified
|
accounts
|
require
|
create
|
allows
|
remote
|
droit
|
JBlog
|
which
|
does
|
mot
|
not
|
via
|
admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.
xGB.php in xGB 2.0 does not require authenticat
authentication
|
unspecified
|
attackers
|
changes
|
require
|
unknown
|
allows
|
remote
|
action
|
xGBphp
|
series
|
steps
|
admin
|
which
|
does
|
make
|
edit
|
xGB
|
via
|
not
|
xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.
Software vulnerabilities results 1 to 20 of 101
Page:
1
2
3
4
5
6
►