research software vulnerabilities
vulnerabilities.aspcode.net
Searching research software vulnerabilities
Rit Research Labs The Bat! 1.0.11 through 2.0 c
Research
|
Labs
|
Bat
|
Rit
|
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
Multiple SQL injection vulnerabilities in Produ
vulnerabilities
|
ProductCart
|
arbitrary
|
attackers
|
injection
|
commands
|
Multiple
|
execute
|
remote
|
allow
|
via
|
SQL
|
Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report.
Heap-based buffer overflow in Research in Motio
Heap-based
|
Research
|
overflow
|
Motion
|
buffer
|
Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via an e-mail attachment with a crafted TIFF file.
Research in Motion (RIM) BlackBerry Router allo
Research
|
Motion
|
Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets.
Research in Motion (RIM) BlackBerry Handheld we
Research
|
Motion
|
Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.
The BlackBerry Attachment Service in Research i
Attachment
|
BlackBerry
|
Research
|
Service
|
Motion
|
The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to cause a denial of service via a malformed Portable Network Graphics (PNG) file that triggers a heap-based buffer overflow.
Cross-site scripting (XSS) vulnerability in Abl
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Buffer overflow in the decompression algorithm
decompression
|
BlackBerry
|
Enterprise
|
algorithm
|
overflow
|
Research
|
earlier
|
before
|
Server
|
Buffer
|
Motion
|
SP1
|
Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before Tuesday, June 07, 2005 might allow remote attackers to execute arbitrary code via certain data packets.
Helmsman Research (aka CoolUtils) HomeFtp 1.1 a
Research
|
Helmsman
|
Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST command.
** DISPUTED ** Cross-site scripting (XSS) vuln
Cross-site
|
scripting
|
DISPUTED
|
** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem.
** DISPUTED ** Multiple SQL injection vulnerab
vulnerabilities
|
Ecommerce
|
arbitrary
|
attackers
|
injection
|
Multiple
|
commands
|
DISPUTED
|
execute
|
remote
|
allow
|
via
|
SQL
|
** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem.
Buffer overflow in the Online Registration Faci
Registration
|
PrivateWire
|
Algorithmic
|
arbitrary
|
attackers
|
software
|
Research
|
overflow
|
Facility
|
execute
|
request
|
Online
|
Buffer
|
remote
|
allows
|
long
|
code
|
VPN
|
GET
|
via
|
Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request.
Research in Motion (RIM) BlackBerry Enterprise
Research
|
Motion
|
Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application hang) via a deleted recurrent meeting instance when changing the attendee's calendar meeting time.
generaloptions.php in Paul Tarjan Stanford Conf
generaloptionsphp
|
Conference
|
Research
|
Stanford
|
Tarjan
|
Forum
|
Paul
|
generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before Tuesday, February 27, 2007 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts.
Buffer overflow in the SetLanguage function in
SetLanguage
|
function
|
Research
|
overflow
|
Motion
|
Buffer
|
Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors.
Buffer overflow in the ArcSDE service (giomgr)
overflow
|
service
|
ArcSDE
|
Buffer
|
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
Format string vulnerability on the Research in
vulnerability
|
BlackBerry
|
Research
|
string
|
Motion
|
Format
|
Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header.
The Research in Motion BlackBerry 7270 before 4
BlackBerry
|
Research
|
Motion
|
The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered.
The Research in Motion BlackBerry 7270 with 4.0
BlackBerry
|
Research
|
Motion
|
The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame.
Research in Motion BlackBerry Enterprise Server
configuration
|
applications
|
installation
|
third-party
|
facilitate
|
Enterprise
|
BlackBerry
|
arbitrary
|
Research
|
malware
|
devices
|
loading
|
through
|
default
|
permits
|
Server
|
Motion
|
which
|
might
|
has
|
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.
Software vulnerabilities results 1 to 20 of 27
Page:
1
2
►