responses software vulnerabilities
vulnerabilities.aspcode.net
Searching responses software vulnerabilities
The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NNTP responses.
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.
Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.
Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.
Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses.
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries.
Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses.
Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames.
Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses.
The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses.
eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.
Software vulnerabilities results 1 to 20 of 83