returns software vulnerabilities
vulnerabilities.aspcode.net
Searching returns software vulnerabilities
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing.
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header.
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password.
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.
RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND.
Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not.
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.
The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66.
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file.
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.
Software vulnerabilities results 1 to 20 of 50