specification software vulnerabilities
vulnerabilities.aspcode.net
Searching specification software vulnerabilities
Cisco IOS software 11.3 through 12.2 running on
software
|
Cisco
|
IOS
|
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
An undocumented extension for the Servlet mappi
specification
|
undocumented
|
upgrading
|
extension
|
WebLogic
|
mappings
|
Service
|
through
|
Express
|
Servlet
|
Server
|
Pack
|
BEA
|
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
The Mobile Code filter in ZoneAlarm Pro 5.0.590
ZoneAlarm
|
filter
|
Mobile
|
Code
|
Pro
|
The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification.
A design error in the IEEE1394 specification al
specification
|
FireWire/IEEE
|
sensitive
|
attackers
|
physical
|
IEEE1394
|
modified
|
memory
|
device
|
allows
|
design
|
access
|
error
|
using
|
write
|
read
|
A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit.
Cisco IOS 12.1(3) and 12.1(3)T allows remote at
Cisco
|
IOS
|
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
Squid 2.5 up to 2.5.STABLE7 allows remote attac
specification
|
attackers
|
including
|
25STABLE7
|
certain
|
attacks
|
headers
|
conduct
|
remote
|
allows
|
follow
|
poison
|
cache
|
Squid
|
HTTP
|
via
|
not
|
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
phpBB 2.0.20 does not properly verify user-spec
phpBB
|
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
The Adobe PDF specification 1.3, as implemented
specification
|
implemented
|
attackers
|
including
|
possibly
|
unknown
|
service
|
Preview
|
denial
|
impact
|
allows
|
remote
|
Apple
|
Adobe
|
have
|
PDF
|
Mac
|
The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
The Adobe PDF specification 1.3, as implemented
specification
|
implemented
|
Acrobat
|
before
|
Adobe
|
PDF
|
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
The Adobe PDF specification 1.3, as implemented
specification
|
implemented
|
Adobe
|
PDF
|
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
** DISPUTED ** Microsoft Internet Explorer 6.0
metacharacters
|
JavaScript
|
wildcards
|
attackers
|
arbitrary
|
Microsoft
|
DISPUTED
|
Explorer
|
Internet
|
certain
|
service
|
results
|
domains
|
allows
|
remote
|
denial
|
which
|
using
|
Zones
|
such
|
fill
|
via
|
** DISPUTED ** Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated.
Cross-site scripting (XSS) vulnerability in May
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data.
Software vulnerabilities results 1 to 13 of 13
Page:
1