some software vulnerabilities
vulnerabilities.aspcode.net
Searching some software vulnerabilities
finger 0@host on some systems may print informa
information
|
accounts
|
systems
|
0@host
|
finger
|
print
|
user
|
some
|
may
|
finger 0@host on some systems may print information on some user accounts.
Some filters or firewalls allow fragmented SYN
implemented
|
fragmented
|
firewalls
|
violation
|
reserved
|
packets
|
filters
|
policy
|
their
|
allow
|
Some
|
bits
|
SYN
|
Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy.
Remote attackers can access mail files via POP3
passwords
|
attackers
|
systems
|
shadow
|
Remote
|
access
|
Linux
|
using
|
files
|
mail
|
some
|
POP3
|
can
|
via
|
Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords.
In some NT web servers, appending a space at th
appending
|
attackers
|
servers
|
active
|
source
|
pages
|
allow
|
space
|
read
|
some
|
code
|
end
|
web
|
may
|
URL
|
In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.
In some instances of SSH 1.2.27 and 2.0.11 on L
instances
|
some
|
SSH
|
In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login.
A remote attacker can sometimes identify the op
sometimes
|
operating
|
identify
|
attacker
|
packets
|
reacts
|
system
|
remote
|
queso
|
using
|
based
|
tool
|
nmap
|
such
|
some
|
ICMP
|
host
|
can
|
A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
SGI MachineInfo CGI program, installed by defau
potentially
|
information
|
MachineInfo
|
activities
|
sensitive
|
gathering
|
attackers
|
installed
|
program
|
default
|
servers
|
status
|
remote
|
prints
|
system
|
could
|
which
|
some
|
used
|
CGI
|
web
|
SGI
|
SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities.
The W3C CERN httpd HTTP server allows remote at
nonexistent
|
attackers
|
determine
|
pathnames
|
commands
|
request
|
server
|
allows
|
remote
|
httpd
|
some
|
HTTP
|
real
|
CERN
|
URL
|
W3C
|
via
|
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.
The SuSE aaa_base package installs some system
directories
|
privileges
|
standard
|
accounts
|
creating
|
profiles
|
aaa_base
|
installs
|
package
|
scripts
|
startup
|
allows
|
system
|
those
|
users
|
local
|
which
|
user
|
such
|
some
|
/tmp
|
gain
|
home
|
SuSE
|
set
|
The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.
The shtml.exe component of Microsoft FrontPage
Microsoft
|
FrontPage
|
component
|
shtmlexe
|
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
The go-gnome Helix GNOME pre-installer allows l
pre-installer
|
including
|
overwrite
|
arbitrary
|
installer
|
uudecode
|
go-gnome
|
various
|
symlink
|
attack
|
allows
|
snarf
|
local
|
GNOME
|
Helix
|
users
|
files
|
some
|
/tmp
|
via
|
The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
Format string vulnerability in DbgPrint functio
vulnerability
|
function
|
messages
|
DbgPrint
|
Windows
|
drivers
|
Format
|
string
|
debug
|
used
|
some
|
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges.
Hughes Technologies Virtual DNS (VDNS) Server 1
Technologies
|
Virtual
|
Hughes
|
DNS
|
Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection.
Apache on MacOS X Client 10.0.3 with the HFS+ f
Client
|
Apache
|
MacOS
|
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
Norton Anti-Virus (NAV) allows remote attackers
Anti-Virus
|
Norton
|
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
Multiple format string vulnerabilities in heart
vulnerabilities
|
heartbeat
|
Multiple
|
format
|
string
|
Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).
Unknown vulnerability in Solaris 8 for Intel an
vulnerability
|
interfaces
|
responding
|
attackers
|
certain
|
service
|
traffic
|
network
|
packets
|
Unknown
|
Solaris
|
allows
|
remote
|
denial
|
Intel
|
SPARC
|
cause
|
stop
|
some
|
via
|
TCP
|
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.
Buffer overflow in (1) grpck and (2) pwck, if i
overflow
|
Buffer
|
Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.
Unspecified vulnerability in Echelog 0.6.2 allo
vulnerability
|
Unspecified
|
Echelog
|
Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors.
Unspecified vulnerability in E-Xoopport before
vulnerability
|
Unspecified
|
E-Xoopport
|
before
|
Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix."
Software vulnerabilities results 1 to 20 of 331
Page:
1
2
3
4
5
...
17
►