Searching sms software vulnerabilities

Handspring Visor 1.0 and 1.0.1 with the VisorPh

Handspring | Visor |

Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.


Siemens 3568i WAP mobile phones allows remote a

attackers | service | Siemens | remote | denial | allows | mobile | phones | 3568i | cause | WAP |

Siemens 3568i WAP mobile phones allows remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters.


PHProjekt 2.0 through 3.1 relies on the $PHP_SE

"mail_sendphp/sms" | authentication | demonstrated | PATH_INFO | attackers | PHProjekt | $PHP_SELF | included | variable | request | portion | scripts | through | allows | remote | bypass | relies | which | using | "sms" | file | via | php | URL |

PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".


The Remote Control Client service in Microsoft'

Microsoft's | Management | Systems | service | Control | Server | Remote | Client |

The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.


GUI overlay vulnerability in the Java API in Si

vulnerability | unauthorized | confirmation | overlaying | malicious | attackers | cellular | messages | overlay | message | Siemens | allows | phones | remote | Java | send | GUI | API | SMS | S55 |

GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.


SMS 1.9.2m and earlier allows local users to ov

arbitrary | overwrite | earlier | symlink | attack | allows | files | local | users | 192m | SMS | via |

SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.


Format string vulnerability in the logging code

vulnerability | logging | Server | Format | string | Tools | code | SMS |

Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors.


SQL injection vulnerability in the Authenticati

Authentication | vulnerability | Management | injection | Symantec | Servlet | Server | Sygate | SQL |

SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.


The web management interface in 3Com TippingPoi

TippingPoint | management | interface | before | Server | 3Com | web | SMS |

The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings.


The Motorola PEBL U6 08.83.76R, the Motorola V6

user-assisted | "Blueline" | connecting | connection | P2K-based | phonebook | Bluetooth | attackers | Motorola | messages | tricking | pressing | possibly | Gateway | entries | service | require | channel | 088376R | Headset | related | pairing | attack | access | obtain | allows | remote | phones | other | Audio | Grant | level | which | saved | into | PEBL | V600 | E398 | view | does | user | SMS | not | aka |

The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one.


Multiple unspecified vulnerabilities in Etherea

vulnerabilities | unspecified | Ethereal | Multiple | 09x |

Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors.


Cisco CiscoWorks Wireless LAN Solution Engine (

CiscoWorks | Solution | Wireless | Engine | Cisco | LAN |

Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before Wednesday, April 19, 2006, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.


PHP remote file inclusion vulnerability in sms_

sms_config/gatewayphp | vulnerability | parameter | attackers | ROOT_PATH | arbitrary | inclusion | PhpMySms | execute | earlier | remote | allows | code | file | PHP | via | URL |

PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.


Multiple SQL injection vulnerabilities in SmS S

vulnerabilities | attackers | arbitrary | parameter | injection | Multiple | commands | execute | Script | remote | CatID | allow | SQL | SmS | via |

Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php.


Ozeki HTTP-SMS Gateway 1.0, and possibly earlie

HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate | information | passwords | usernames | sensitive | plaintext | registry | HTTP-SMS | possibly | earlier | Gateway | allows | obtain | stores | users | Ozeki | which | local | key |

Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information.


Buffer overflow in the fetchsms function in the

function | handling | fetchsms | overflow | Buffer | module | SMS |

Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.


Software vulnerabilities results 1 to 18 of 18     
Page: 1