Searching spoofing software vulnerabilities

HP OpenView Omniback allows remote execution of

execution | commands | spoofing | Omniback | OpenView | symlink | attack | remote | allows | access | users | local | gain | root | via | can |

HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.


Versions of rpcbind including Linux, IRIX, and

including | Venema's | attacker | spoofing | Versions | rpcbind | address | entries | insert | delete | source | Wietse | remote | Linux | allow | IRIX |

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.


Internet Explorer 5.0 allows window spoofing, a

information | legitimate | allowing | attacker | spoofing | Explorer | Internet | capture | client | window | allows | remote | spoof | site | web |

Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.


The ARP protocol allows any host to spoof ARP r

spoofing | protocol | conduct | replies | service | address | denial | poison | allows | spoof | cache | host | ARP | any |

The ARP protocol allows any host to spoof ARP replies and poison the ARP cache to conduct IP address spoofing or a denial of service.


By default, Internet Explorer 5.0 and other ver

sub-frames | "Navigate | different | domains" | versions | Internet | Explorer | spoofing | enables | default | allows | option | across | other | frame | which |

By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.


Quake 1 server responds to an initial UDP game

connection | attackers | amplifier | spoofing | responds | traffic | "Smurf" | request | another | initial | remote | server | allows | attack | amount | style | large | which | Quake | host | game | use | UDP |

Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.


Livingston Portmaster routers running ComOS use

Portmaster | Livingston | sequence | initial | routers | running | number | ComOS | same | use |

Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP connections, which allows remote attackers to conduct spoofing and hijack TCP sessions.


Windows 95, 98, and NT 4.0 allow remote attacke

attackers | spoofing | messages | redirect | service | Windows | routing | router | causes | change | denial | remote | tables | cause | allow | which | ICMP | its |

Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables.


NAI Sniffer Agent allows remote attackers to ga

authentication | privileges | attackers | sniffing | commands | spoofing | initial | packets | Sniffer | allows | remote | Agent | gain | UDP | NAI |

NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UDP authentication packets and spoofing commands.


Symantec LiveUpdate before 1.6 does not use cry

updatesymanteccom | cryptography | LiveUpdate | arbitrary | integrity | attackers | download | spoofing | Symantec | execute | remote | allows | before | ensure | files | which | does | code | site | not | use | via | DNS |

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.


Symantec LiveUpdate 1.4 through 1.6, and possib

LiveUpdate | attackers | versions | possibly | Symantec | through | service | denial | allows | remote | later | cause |

Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.


Avaya Argent Office 2.1 may allow remote attack

legitimate | providing | attackers | broadcast | HoldMusic | alternate | response | spoofing | server's | Office | remote | Argent | change | allow | Avaya | music | file | hold | TFTP | may |

Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.


Multiple vulnerabilities in phpMyChat before 0.

vulnerabilities | phpMyChat | Multiple | before |

Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.


The "ICQ Features on Demand" functionality for

functionality | authenticity | attackers | arbitrary | Mirabilis | upgrades | properly | Features | spoofing | software | install | Demand" | attack | remote | allows | verify | 2003a | which | does | "ICQ | ICQ | via | not | Pro |

The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.


The Message Session window in Mirabilis ICQ Pro

Mirabilis | attackers | service | Message | Session | remote | allows | window | denial | cause | 2003a | ICQ | Pro |

The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.


Squid 2.5 STABLE9 and earlier, when the DNS cli

environment | unfiltered | attackers | spoofing | STABLE9 | prevent | lookups | earlier | allows | remote | client | spoof | Squid | port | does | DNS | not |

Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.


Mozilla Firefox might allow remote attackers to

attackers | phishing | spoofing | conduct | writing | attacks | Firefox | Mozilla | remote | might | allow |

Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.


T-Mobile voice mail systems allow remote attack

Identification | reconfigure | attackers | mailboxes | retrieve | spoofing | messages | T-Mobile | systems | Calling | remote | remove | Number | allow | voice | mail |

T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).


eXtremail 2.1.1 and earlier does not verify the

eXtremail |

eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.


NetSupport Manager Client before 10.20.0004 all

NetSupport | Manager | before | Client |

NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager.


Software vulnerabilities results 1 to 20 of 84     
Page: 12345