security software vulnerabilities
vulnerabilities.aspcode.net
Searching security software vulnerabilities
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other users' files.
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.
Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors.
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release."
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages.
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.
Software vulnerabilities results 1 to 20 of 571