sites software vulnerabilities
vulnerabilities.aspcode.net
Searching sites software vulnerabilities
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.
surfCONTROL SuperScout does not properly assign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions.
FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.
CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter.
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name.
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.
Firefox before 1.0.1 and Mozilla before 1.7.6 truncate long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.
Software vulnerabilities results 1 to 20 of 97