specific software vulnerabilities
vulnerabilities.aspcode.net
Searching specific software vulnerabilities
Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message.
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient, (2) final, or (3) mailer-specific envelope recipients, has unknown consequences.
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary code via crafted ABC files.
Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."
The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information.
Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE.
Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE.
Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE.
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on Friday, August 17, 2007 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on Friday, August 17, 2007, which appears to be a site-specific problem. As of Tuesday, August 21, 2007, it is not clear whether this issue is simply a symptom of the larger sign-on problem.
Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has unknown impact and attack vectors, related to a "serious security flaw," possibly specific to Linux.
Software vulnerabilities results 1 to 20 of 68