sometimes software vulnerabilities
vulnerabilities.aspcode.net
Searching sometimes software vulnerabilities
Buffer overflow in FTP server in Microsoft IIS
Microsoft
|
sometimes
|
attackers
|
overflow
|
service
|
remote
|
denial
|
Buffer
|
server
|
allows
|
cause
|
local
|
long
|
NLST
|
via
|
IIS
|
FTP
|
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
FTP servers such as OpenBSD ftpd, NetBSD ftpd,
setproctitle
|
untrusted
|
Opieftpd
|
properly
|
function
|
servers
|
cleanse
|
strings
|
ProFTPd
|
OpenBSD
|
format
|
NetBSD
|
used
|
ftpd
|
such
|
FTP
|
not
|
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
Buffer overflow in the whois client, which is n
sometimes
|
attackers
|
arbitrary
|
programs
|
overflow
|
execute
|
command
|
within
|
remote
|
called
|
setuid
|
option
|
client
|
Buffer
|
allow
|
whois
|
which
|
long
|
line
|
code
|
CGI
|
may
|
not
|
via
|
but
|
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option.
BEA WebLogic Server and WebLogic Express 8.1 SP
administrative
|
privileges
|
sometimes
|
cleartext
|
registry
|
password
|
WebLogic
|
Express
|
earlier
|
stores
|
Server
|
allow
|
might
|
which
|
users
|
local
|
gain
|
boot
|
SP4
|
BEA
|
SP7
|
SP6
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
BEA WebLogic Server and WebLogic Express 8.1 SP
Inter-ORB
|
Internet
|
Protocol
|
WebLogic
|
earlier
|
Express
|
Server
|
BEA
|
SP4
|
SP6
|
SP7
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.
** DISPUTED ** Cross-site scripting (XSS) vuln
Cross-site
|
scripting
|
DISPUTED
|
** DISPUTED ** Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED.
** DISPUTED ** MySQL 5.0.18 allows local users
DISPUTED
|
MySQL
|
** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access.
The SSL server implementation in NILE.NLM in No
implementation
|
Enterprise
|
NetWare
|
NILENLM
|
server
|
Novell
|
Open
|
SSL
|
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session.
** DISPUTED ** SQL injection vulnerability in
vulnerability
|
searchphp
|
injection
|
DISPUTED
|
X-Cart
|
Gold
|
Pro
|
SQL
|
** DISPUTED ** SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of Monday, June 05, 2006, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims.
The SSL client implementation in BEA WebLogic S
implementation
|
WebLogic
|
through
|
Server
|
client
|
Gold
|
SP6
|
MP2
|
SSL
|
BEA
|
SP7
|
SP2
|
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
The SSL server implementation in BEA WebLogic S
implementation
|
WebLogic
|
through
|
server
|
Gold
|
SP6
|
MP1
|
SP7
|
SSL
|
BEA
|
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
Software vulnerabilities results 1 to 12 of 12
Page:
1