streams software vulnerabilities
vulnerabilities.aspcode.net
Searching streams software vulnerabilities
BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 d
BestCrypt
|
BCWipe
|
BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
East-Tec Eraser 2002 does not clear Windows alt
East-Tec
|
Eraser
|
East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
Eraser 5.3 does not clear Windows alternate dat
information
|
sensitive
|
attackers
|
alternate
|
attached
|
supposed
|
systems
|
recover
|
Windows
|
deleted
|
streams
|
allows
|
Eraser
|
which
|
files
|
clear
|
data
|
does
|
file
|
NTFS
|
not
|
Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
PGP 6.x and 7.x does not clear Windows alternat
information
|
alternate
|
sensitive
|
attackers
|
attached
|
supposed
|
recover
|
systems
|
Windows
|
deleted
|
streams
|
allows
|
which
|
files
|
clear
|
data
|
does
|
file
|
NTFS
|
PGP
|
not
|
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
SecureClean 3 build 2.0 does not clear Windows
information
|
SecureClean
|
alternate
|
attackers
|
sensitive
|
attached
|
supposed
|
deleted
|
systems
|
Windows
|
recover
|
streams
|
allows
|
which
|
files
|
clear
|
build
|
does
|
NTFS
|
file
|
data
|
not
|
SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
Race condition in Solaris 2.6 through 9 allows
condition
|
through
|
Solaris
|
service
|
denial
|
allows
|
cause
|
local
|
users
|
Race
|
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
Multiple buffer overflows in the Real-Time Stre
Real-Time
|
Streaming
|
overflows
|
Protocol
|
Multiple
|
buffer
|
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
Apache for Apple Mac OS X 10.2.8 and 10.3.6 all
Apache
|
Apple
|
Mac
|
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
Buffer overflow in the mms_interp_header functi
mms_interp_header
|
function
|
overflow
|
Ripper
|
before
|
Buffer
|
mmsc
|
MMS
|
Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams.
Xpdf, as used in products such as gpdf, kpdf, p
libextractor
|
attackers
|
pdftohtml
|
products
|
poppler
|
service
|
others
|
allows
|
denial
|
cause
|
teTeX
|
such
|
used
|
Xpdf
|
CUPS
|
kpdf
|
gpdf
|
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
Unspecified vulnerability in Kerio WinRoute Fir
vulnerability
|
Unspecified
|
WinRoute
|
Firewall
|
before
|
Kerio
|
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams.
Multiple unspecified vulnerabilities in Oracle
vulnerabilities
|
unspecified
|
Database
|
Multiple
|
server
|
Oracle
|
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB05 involves SQL injection in the (f) LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, and LONG2CLOB functions in the DBMS_METADATA_UTIL package; (g) MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, and MAKE_FILTER_TEXT functions in the DBMS_METADATA_INT package; and (h) GET_PREPOST_TABLE_ACT function in the DBMS_METADATA package.
Unspecified vulnerability in the Streams Captur
vulnerability
|
Unspecified
|
component
|
Database
|
Streams
|
Capture
|
server
|
Oracle
|
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package.
Buffer overflow in the sgetstr function in shar
shared/cubeh
|
Sauerbraten
|
2006_02_28
|
attackers
|
arbitrary
|
function
|
overflow
|
execute
|
derived
|
streams
|
sgetstr
|
earlier
|
remote
|
Buffer
|
engine
|
allows
|
input
|
long
|
Cube
|
code
|
data
|
via
|
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data.
The (1) sgetstr and (2) getint functions in Sau
The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.
Windows Firewall in Microsoft Windows XP SP2 do
application
|
Alternate
|
Microsoft
|
Firewall
|
executed
|
Windows
|
Streams
|
produce
|
alerts
|
using
|
does
|
Data
|
NTFS
|
SP2
|
not
|
Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file.
Multiple unspecified vulnerabilities in Oracle
vulnerabilities
|
unspecified
|
Database
|
Multiple
|
Oracle
|
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.
Multiple unspecified vulnerabilities in Oracle
vulnerabilities
|
unspecified
|
Database
|
Multiple
|
Oracle
|
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of Tuesday, April 24, 2007, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams".
Tor before 0.1.2.15 does not properly distingui
before
|
Tor
|
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
Unspecified vulnerability in the vuidmice STREA
vulnerability
|
Unspecified
|
vuidmice
|
console
|
Solaris
|
STREAMS
|
modules
|
allows
|
users
|
local
|
Sun
|
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.
Software vulnerabilities results 1 to 20 of 21
Page:
1
2
►