return software vulnerabilities
vulnerabilities.aspcode.net
Searching return software vulnerabilities
A non-default configuration in TenFour TFS Gateway 4.0 allows an attacker to cause a denial of service via messages with incorrect sender and recipient addresses, which causes the gateway to continuously try to return the message every 10 seconds.
Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.
phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable.
advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence.
Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora.
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.
04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries.
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.
mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
Software vulnerabilities results 1 to 20 of 93