spa base64 to bits software vulnerabilities
vulnerabilities.aspcode.net
Searching spa base64 to bits software vulnerabilities
Some filters or firewalls allow fragmented SYN
implemented
|
fragmented
|
firewalls
|
violation
|
reserved
|
packets
|
filters
|
policy
|
their
|
allow
|
Some
|
bits
|
SYN
|
Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy.
NAI Sniffer Agent uses base64 encoding for auth
authentication
|
usernames
|
passwords
|
attackers
|
encoding
|
Sniffer
|
decrypt
|
network
|
allows
|
base64
|
easily
|
Agent
|
which
|
sniff
|
uses
|
NAI
|
NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords.
Cisco 340-series Aironet access point using fir
340-series
|
firmware
|
Aironet
|
access
|
Cisco
|
using
|
point
|
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks.
The RC4 stream cipher as used by SSH1 allows re
redundancy
|
attackers
|
message's
|
detection
|
messages
|
original
|
without
|
cyclic
|
XORing
|
stream
|
cipher
|
allows
|
modify
|
remote
|
check
|
SSH1
|
used
|
RC4
|
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified.
CentraOne 5.2 and Centra ASP with basic authent
authentication
|
world-writable
|
impersonate
|
cleartext
|
CentraOne
|
passwords
|
encoded
|
decoded
|
enabled
|
creates
|
allows
|
obtain
|
Centra
|
base64
|
files
|
basic
|
which
|
local
|
users
|
ASP
|
log
|
CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.
Microsoft Windows 2000 allows remote attackers
Microsoft
|
Windows
|
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
Race condition in SDBINST for SAP database 7.3.
condition
|
database
|
SDBINST
|
Race
|
SAP
|
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.
Linux kernel does not properly convert 64-bit f
pointers
|
properly
|
portions
|
convert
|
offset
|
memory
|
access
|
allows
|
64-bit
|
kernel
|
local
|
users
|
Linux
|
which
|
file
|
does
|
bits
|
not
|
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
ripMIME 1.3.2.3 and earlier allows remote attac
ripMIME
|
ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.
Unspecified vulnerability in Sun Fire 3800/4800
3800/4800/4810/6800
|
vulnerability
|
Unspecified
|
V1280
|
Netra
|
Fire
|
Sun
|
Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set.
ClamAV 0.80 and earlier allows remote attackers
ClamAV
|
ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.
Cross-site scripting (XSS) vulnerability in sec
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter.
Directory traversal vulnerability in the IMAP s
vulnerability
|
Directory
|
traversal
|
@Solomon
|
SPA-PRO
|
service
|
Mail
|
IMAP
|
Directory traversal vulnerability in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to read other users' mail and perform operations on arbitrary directories via .. sequences in the (1) SELECT, (2) CREATE, (3) DELETE, and (4) RENAME commands.
Buffer overflow in the IMAP service for SPA-PRO
overflow
|
@Solomon
|
SPA-PRO
|
service
|
Buffer
|
Mail
|
IMAP
|
Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to execute arbitrary code via a long CREATE command.
The ebuild for pinentry before 0.7.2-r2 on Gent
overwrite
|
arbitrary
|
programs
|
pinentry
|
setgid
|
allows
|
before
|
Gentoo
|
072-r2
|
ebuild
|
users
|
files
|
local
|
Linux
|
which
|
sets
|
read
|
bits
|
gid
|
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
Multiple buffer overflows in E-Post Mail Server
overflows
|
Multiple
|
Server
|
E-Post
|
buffer
|
Mail
|
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.
Early termination vulnerability in the IMAP ser
vulnerability
|
termination
|
service
|
E-Post
|
Early
|
Mail
|
IMAP
|
Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent.
Eval injection vulnerability in the decode func
rpc_decoderphp
|
vulnerability
|
attackers
|
arbitrary
|
injection
|
possibly
|
programs
|
function
|
execute
|
earlier
|
allows
|
remote
|
base64
|
decode
|
exoops
|
runcms
|
phpRPC
|
other
|
code
|
used
|
Eval
|
tag
|
PHP
|
via
|
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
PHP remote file inclusion vulnerability in bits
bits_listingsphp
|
svr_rootPhpStart
|
PhpLinkExchange
|
vulnerability
|
attackers
|
arbitrary
|
parameter
|
inclusion
|
IDevSpot
|
execute
|
remote
|
allows
|
code
|
file
|
PHP
|
via
|
PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter.
The _LoadBMP function in imlib 1.9.15 and earli
function
|
_LoadBMP
|
imlib
|
The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.
Software vulnerabilities results 1 to 20 of 50
Page:
1
2
3
►