strings software vulnerabilities
vulnerabilities.aspcode.net
Searching strings software vulnerabilities
Cisco Resource Manager (CRM) 1.0 and 1.1 create
Resource
|
Manager
|
Cisco
|
Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings.
Buffer overflow in the lex routines of nslookup
arbitrary
|
attackers
|
nslookup
|
possibly
|
overflow
|
strings"
|
routines
|
execute
|
Buffer
|
input
|
"long
|
cause
|
allow
|
code
|
dump
|
core
|
AIX
|
lex
|
via
|
may
|
Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings."
The wrapper program in mailman 2.0beta3 and 2.0
privileges
|
untrusted
|
properly
|
cleanse
|
strings
|
mailman
|
program
|
wrapper
|
20beta3
|
20beta4
|
allows
|
format
|
local
|
users
|
which
|
gain
|
does
|
not
|
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
The logging capability in muh 2.05d IRC server
user-injected
|
capability
|
arbitrary
|
attackers
|
malformed
|
nickname
|
properly
|
commands
|
strings
|
execute
|
service
|
cleanse
|
logging
|
denial
|
server
|
remote
|
allows
|
format
|
which
|
cause
|
205d
|
does
|
muh
|
not
|
IRC
|
via
|
The logging capability in muh 2.05d IRC server does not properly cleanse user-injected format strings, which allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed nickname.
Format string vulnerability in startprinting()
vulnerability
|
string
|
Format
|
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
The timed program (in.timed) in UnixWare 7 and
program
|
timed
|
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.
The default configuration of Foundry Networks E
configuration
|
information
|
sensitive
|
attackers
|
community
|
arbitrary
|
EdgeIron
|
Networks
|
strings
|
Foundry
|
default
|
allows
|
modify
|
remote
|
4802F
|
SNMP
|
via
|
The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings.
The AIM component of Trillian 0.73 and 0.74 all
component
|
Trillian
|
AIM
|
The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
Soft3304 04WebServer before 1.20 does not prope
04WebServer
|
Soft3304
|
before
|
Soft3304 04WebServer before 1.20 does not properly process URL strings, which allows remote attackers to obtain unspecified sensitive information.
The scosession program in OpenServer 5.0.6 and
OpenServer
|
scosession
|
program
|
The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.
Multiple buffer overflows in the nd WebDAV inte
overflows
|
interface
|
Multiple
|
WebDAV
|
buffer
|
Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings.
FreeChat 1.1.1a allows remote attackers to caus
attackers
|
FreeChat
|
service
|
denial
|
allows
|
remote
|
cause
|
111a
|
FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa".
Format string vulnerability in CDE Mailer (dtma
vulnerability
|
Mailer
|
Format
|
string
|
CDE
|
Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.
Format string vulnerability in Army Men RTS 1.0
vulnerability
|
attackers
|
service
|
allows
|
remote
|
Format
|
string
|
denial
|
cause
|
Army
|
Men
|
RTS
|
Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service (application crash) via a nickname that contains format strings.
The hash_strcmp function in hasch.c in Crackala
hash_strcmp
|
Crackalaka
|
function
|
haschc
|
The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings.
Unknown vulnerability in Moodle before 1.3.4 ha
vulnerability
|
Unknown
|
before
|
Moodle
|
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
Format string vulnerability in PeerCast 0.1211
vulnerability
|
PeerCast
|
Format
|
string
|
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
Horde IMP 4.0.4 and earlier does not sanitize s
Horde
|
IMP
|
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
Tor before 0.1.1.20 allows remote attackers to
before
|
Tor
|
Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters.
Directory traversal vulnerability in SQL-Ledger
vulnerability
|
SQL-Ledger
|
LedgerSMB
|
traversal
|
Directory
|
before
|
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
Software vulnerabilities results 1 to 20 of 145
Page:
1
2
3
4
5
...
8
►