Searching state software vulnerabilities

Compaq TruCluster 1.5 allows remote attackers t

"split-brain" | TruCluster | attackers | service | cluster | system | causes | record | Compaq | allows | remote | denial | cause | which | state | enter | scan | does | port | have | not | via | PTR | DNS |

Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state.


ssdpsrv.exe in Windows ME allows remote attacke

ssdpsrvexe | Discovery | attackers | newlines | multiple | Protocol | sending | service | Windows | Simple | remote | allows | denial | cause |

ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.


ptrace on HP-UX 11.00 through 11.11 allows loca

ptrace | HP-UX |

ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."


Firewalls from multiple vendors empty state tab

attackers | Firewalls | flooding | multiple | attacks | vendors | allows | filled | packet | remote | slowly | tables | empty | flood | state | which | such | more | than | they |

Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections.


The mxcsr code in Linux kernel 2.4 allows attac

registers | attackers | malformed | address | modify | kernel | allows | Linux | mxcsr | state | code | CPU | via |

The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.


Multiple SQL injection vulnerabilities in (1) a

vulnerabilities | injection | Multiple | SQL |

Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters.


Zero G Software InstallAnywhere 5.0.6, 5.0.7, a

InstallAnywhere | Software | Zero |

Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files.


efFingerD 0.2.12 allows remote attackers to cau

efFingerD |

efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.


Armagetron 0.2.6.0 and earlier and Armagetron A

Armagetron |

Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (network disconnection) via an empty UDP packet, which is not properly distinguished from the "no new packets" state of the associated socket.


The raw_sendmsg function in the Linux kernel 2.

raw_sendmsg | function | kernel | before | Linux |

The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.


Mail.app in Mac OS 10.4.2 and earlier, when pri

Mailapp | Mac |

Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.


Mentor ADSL-FR4II router running firmware 2.00.

ADSL-FR4II | firmware | running | Mentor | router |

Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan.


SQL injection vulnerability in topics.php in Ap

vulnerability | Appalachian | phpWebSite | University | injection | topicsphp | State | SQL |

SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.


Unspecified vulnerability in FreeRADIUS 1.0.0 u

vulnerability | Unspecified | FreeRADIUS |

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters.


Unspecified vulnerability in CA Resource Initia

Initialization | vulnerability | Unspecified | Resource | Manager |

Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before Tuesday, May 02, 2006, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0.


RIPd in Quagga 0.98 and 0.99 before 20060503 do

Quagga | RIPd |

RIPd in Quagga 0.98 and 0.99 before Wednesday, May 03, 2006 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.


The ECNE chunk handling in Linux SCTP (lksctp)

handling | Linux | chunk | SCTP | ECNE |

The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.


The isdn_ppp_ccp_reset_alloc_state function in

isdn_ppp_ccp_reset_alloc_state | drivers/isdn/isdn_pppc | init_timer | 2434-rc4 | function | unknown | vectors | results | kernel | system | before | attack | state | timer | which | Linux | crash | reset | does | call | ISDN | PPP | not | has | CCP |

The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.


Buffer overflow in bbs100 before 3.2 allows rem

attackers | overflow | service | remote | denial | Buffer | bbs100 | allows | before | cause |

Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in, possibly related to the state_login_prompt function in state_login.c.


Software vulnerabilities results 1 to 20 of 58     
Page: 123