standard software vulnerabilities
vulnerabilities.aspcode.net
Searching standard software vulnerabilities
The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.
ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allow local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other users' files.
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long filename, possibly triggering a buffer overflow.
Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename.
The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection.
Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message.
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.
Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in uCosminexus Application Server Enterprise and Standard; uCosminexus Service Platform; uCosminexus Developer Standard and Professional; uCosminexus Service Architect; Electronic Form Workflow Standard Set, Professional Library Set, and Developer Client Set; and uCosminexus ERP Integrator, does not properly manage session information, which has an unspecified impact related to "unintended other requests."
Software vulnerabilities results 1 to 20 of 80