Searching rfc software vulnerabilities


InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) "Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.


** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed.


RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139.


The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.


ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.


Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.


Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.


Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".


SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.


Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".


The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before Monday, December 11, 2006 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.


The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before Monday, December 11, 2006 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.


Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before Monday, December 11, 2006 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.


Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before Monday, December 11, 2006 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.


The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before Tuesday, January 09, 2007 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.

