Searching return path software vulnerabilities

A non-default configuration in TenFour TFS Gate

configuration | continuously | non-default | incorrect | recipient | addresses | messages | attacker | TenFour | Gateway | seconds | message | service | return | causes | allows | denial | sender | cause | every | which | via | TFS | try |

A non-default configuration in TenFour TFS Gateway 4.0 allows an attacker to cause a denial of service via messages with incorrect sender and recipient addresses, which causes the gateway to continuously try to return the message every 10 seconds.


Digital Creations Zope 2.3.1 b1 and earlier con

Creations | Digital | Zope |

Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.


PF in OpenBSD 3.0 with the return-rst rule sets

return-rst | OpenBSD | sets | rule | TTL |

PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.


Novell Netware FTP server NWFTPD before 5.02r a

attackers | service | Netware | denial | allows | remote | server | Novell | before | NWFTPD | cause | 502r | FTP |

Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.


The dtscreen Sun Solaris 8 CDE screensaver cras

screensaver | repeatedly | dtscreen | "Return" | pressed | session | current | quickly | crashes | "Shift" | Solaris | allows | access | users | local | which | keys | Sun | CDE |

The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.


phpRank 1.8 does not properly check the return

authenticating | authenticate | unavailable | operations | attackers | password | database | properly | phpRank | remote | errors | return | using | occur | MySQL | codes | check | users | could | allow | which | does | NULL | not |

phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable.


advserver.exe in Advanced Web Server (AdvServer

advserverexe | Advanced | Server | Web |

advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence.


Fwmon before 1.0.10 allows remote attackers to

before | Fwmon |

Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet.


Qualcomm Eudora 5.2.1 allows remote attackers t

Qualcomm | Eudora |

Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora.


pam_wheel in Linux-PAM 0.78, with the trust opt

Linux-PAM | pam_wheel |

pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.


Centrinity FirstClass 7.1 allows remote attacke

information | checkboxes | Centrinity | FirstClass | sensitive | appending | directory | attackers | checking | searched | leaving | option | access | return | remote | allows | search | blank | which | files | field | text | end | URL | all |

Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.


Integer overflow in the NTP daemon (NTPd) befor

overflow | Integer | daemon | NTP |

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.


CRLF injection vulnerability in login.php in We

vulnerability | WebCalendar | return_path | sequences | attackers | Splitting | parameter | injection | Response | loginphp | expected | perform | attacks | content | inject | modify | remote | server | allows | HTML | CRLF | HTTP | via |

CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.


04WebServer 1.42 does not adequately filter dat

04WebServer |

04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries.


Post.pl in YaBB 1 Gold SP 1.2 allows remote att

characters | attackers | carriage | subject | records | board's | return | Postpl | allows | modify | remote | field | YaBB | file | Gold | txt | via |

Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.


passwd 0.68 does not check the return code for

passwd |

passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.


mod_python (libapache2-mod-python) 3.1.4 and ea

mod_python |

mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.


The KDE screen saver in KDE before 3.0.5 does n

before | screen | saver | KDE |

The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.


content.php in Mambo 4.5.2 through 4.5.2.3 allo

contentphp | Mambo |

content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.


Software vulnerabilities results 1 to 20 of 1506     
Page: 12345...76