Searching sends software vulnerabilities


Denial of service in AOL Instant Messenger when


Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash.


Netopia Timbuktu Pro sends user IDs and passwor


Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing.


ZoneAlarm sends sensitive system and network in


ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event.


Privacy leak in Dansie Shopping Cart 3.04, and


Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versions, sends sensitive information such as user credentials to an e-mail address controlled by the product developers.


Web Access component for COM2001 Alexis 2.0 and


Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.


Bugzilla before 2.14 stores user passwords in p


Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.


The remote administration client for RhinoSoft


The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.


The Remote Desktop client in Windows XP sends t


The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.


Winamp 2.78 and 2.77, when opening a wma file t


Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.


Yahoo! Messenger 4.0 sends user passwords in cl


Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing.


The ap_log_rerror function in Apache 2.0 throug


The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.


CommonName Toolbar 3.5.2.0 sends unqualified do


CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.


OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier


OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.


Stack-based buffer overflow in the code that se


Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image filename.


The conference menu in ActivePost Standard 3.1


The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection.


The firewall in Astaro Security Linux before 4.


The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.


Ariba Spend Management System sends the usernam


Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information.


Privacy leak in install.php for Diesel PHP Job


Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.


Tor before 0.1.2.15 sends "destroy cells" conta


Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.


Battlefront Dropteam 1.3.3 and earlier sends th


Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.


Software vulnerabilities results 1 to 20 of 58     