sufficient software vulnerabilities
vulnerabilities.aspcode.net
Searching sufficient software vulnerabilities
PostgreSQL stores usernames and passwords in pl
PostgreSQL
|
passwords
|
plaintext
|
usernames
|
stores
|
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
The DNS callbacks in nsd in SGI IRIX 6.5.x thro
sufficient
|
callbacks
|
possibly
|
versions
|
checking
|
earlier
|
unknown
|
perform
|
through
|
sanity
|
impact
|
6520f
|
IRIX
|
DNS
|
SGI
|
65x
|
nsd
|
not
|
The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact.
Multiple buffer overflows in libpng 1.2.5 and e
overflows
|
Multiple
|
libpng
|
buffer
|
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
The slip_down function in slip.c for the uml_ne
uml-utilities
|
slip_down
|
function
|
program
|
uml_net
|
slipc
|
The slip_down function in slip.c for the uml_net program in uml-utilities Wednesday, September 03, 2003, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled).
** UNVERIFIABLE ** NOTE: this issue describes
UNVERIFIABLE
|
** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of Thursday, April 21, 2005. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service ("Invalid-ID-Handle-Error" error) and modify memory beginning at a particular address, possibly allowing the execution of arbitrary code, via a crafted PDF file. NOTE: the vendor has stated that the reporter refused to provide sufficient details to confirm the issue. In addition, due to the lack of details in the original advisory, an independent verification is not possible. Finally, the reliability of the original reporter is unknown. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example of the newly defined UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is highly likely that this item will be REJECTED.
nss_ldap 181 to versions before 213, as used in
nss_ldap
|
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.
Unspecified vulnerability in Firefox and Thunde
vulnerability
|
Thunderbird
|
Unspecified
|
Firefox
|
before
|
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of Thursday, April 13, 2006, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
Unspecified vulnerability in Firefox and Thunde
vulnerability
|
Thunderbird
|
Unspecified
|
Firefox
|
before
|
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of Thursday, April 13, 2006, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
Unspecified vulnerability in Firefox and Thunde
vulnerability
|
Thunderbird
|
Unspecified
|
Firefox
|
before
|
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of Thursday, April 13, 2006, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
Unspecified vulnerability in Firefox and Thunde
vulnerability
|
Thunderbird
|
Unspecified
|
Firefox
|
before
|
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of Thursday, April 13, 2006, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
The decode_stringmap function in server_transpo
server_transportcpp
|
decode_stringmap
|
function
|
UFO2000
|
svn
|
The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate sufficient memory.
The PPP daemon (pppd) in Apple Mac OS X 10.4.8
daemon
|
PPP
|
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
QuickTime for Java in Apple Quicktime before 7.
information
|
sufficient
|
attackers
|
QuickTime
|
sensitive
|
control"
|
"access
|
perform
|
remote
|
before
|
obtain
|
allows
|
Apple
|
which
|
Java
|
does
|
not
|
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
Software vulnerabilities results 1 to 14 of 14
Page:
1