sign software vulnerabilities
vulnerabilities.aspcode.net
Searching sign software vulnerabilities
Netscape Communicator 4.04 through 4.7 (and pos
Communicator
|
Netscape
|
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
GnuPG (GPG) 1.0.2, and other versions up to 1.2
GnuPG
|
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
Internet Explorer 5.01 through 6 SP1 allows rem
Explorer
|
Internet
|
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Buffer overflow in the getauthfromURL function
getauthfromURL
|
attackers
|
arbitrary
|
contains
|
overflow
|
function
|
httpgetc
|
execute
|
pre059s
|
Buffer
|
remote
|
mpg123
|
before
|
string
|
could
|
allow
|
users
|
local
|
long
|
file
|
code
|
059r
|
via
|
mp3
|
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
Buffer overflow in the getnickuserhost function
getnickuserhost
|
function
|
overflow
|
Buffer
|
BNC
|
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
Dark Age of Camelot before 1.68 live patch does
Camelot
|
before
|
Dark
|
Age
|
Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack.
The p_submit_url value in the sample login form
p_submit_url
|
Application
|
Oracle
|
Server
|
sample
|
value
|
login
|
form
|
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
eMotion MediaPartner Web Server 5.0 and 5.1 all
MediaPartner
|
information
|
sensitive
|
attackers
|
contains
|
eMotion
|
request
|
obtain
|
Server
|
allows
|
remote
|
bhtml
|
file
|
HTTP
|
Web
|
via
|
eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file.
Multiple buffer overflows in the web tool for M
overflows
|
Multiple
|
before
|
buffer
|
MySQL
|
MaxDB
|
tool
|
web
|
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
Integer overflow in Apple QuickTime before 7.0.
QuickTime
|
overflow
|
Integer
|
before
|
Apple
|
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
Unspecified vulnerability in Single Sign-On in
vulnerability
|
Unspecified
|
Database
|
Sign-On
|
Server
|
Single
|
Oracle
|
10g
|
Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 and AS08.
Unspecified vulnerability in Oracle Single Sign
vulnerability
|
Application
|
Unspecified
|
component
|
Sign-On
|
Server
|
Oracle
|
Single
|
Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka Vuln# SSO02.
SQL injection vulnerability in nickpage.php in
vulnerability
|
nickpagephp
|
parameter
|
arbitrary
|
attackers
|
injection
|
commands
|
execute
|
sign_gb
|
earlier
|
action
|
allows
|
remote
|
phpCC
|
beta
|
npid
|
SQL
|
via
|
SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.
Cross-site scripting (XSS) vulnerability in YA
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php.
Unspecified vulnerability in Oracle Application
vulnerability
|
Application
|
Unspecified
|
Server
|
Oracle
|
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01.
Multiple unspecified vulnerabilities in Oracle
vulnerabilities
|
Collaboration
|
unspecified
|
Multiple
|
Oracle
|
Suite
|
Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02).
SQL injection vulnerability in sign_in.aspx in
vulnerability
|
sign_inaspx
|
WebEvents
|
injection
|
SQL
|
SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
SQL injection vulnerability in sign_in.aspx in
vulnerability
|
sign_inaspx
|
injection
|
WebStore
|
SQL
|
SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
SQL injection vulnerability in sign_in.aspx in
vulnerability
|
sign_inaspx
|
Application
|
Discussion
|
arbitrary
|
parameter
|
injection
|
attackers
|
Template
|
commands
|
Threaded
|
Password
|
Message
|
execute
|
allows
|
remote
|
Forum
|
Board
|
SQL
|
via
|
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Unspecified vulnerability in Skype allows remot
vulnerability
|
Unspecified
|
attackers
|
service
|
denial
|
allows
|
remote
|
Skype
|
cause
|
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on Friday, August 17, 2007 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on Friday, August 17, 2007, which appears to be a site-specific problem. As of Tuesday, August 21, 2007, it is not clear whether this issue is simply a symptom of the larger sign-on problem.
Software vulnerabilities results 1 to 20 of 36
Page:
1
2
►