suggests software vulnerabilities
vulnerabilities.aspcode.net
Searching suggests software vulnerabilities
Open Projects Network Internet Relay Chat (IRC)
Projects
|
Internet
|
Network
|
Relay
|
Chat
|
Open
|
Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon.
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8
attackers
|
lynx-cur
|
lynx-ssl
|
286dev8
|
service
|
remote
|
before
|
denial
|
cause
|
allow
|
Lynx
|
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
Multiple heap-based buffer overflows in (1) isa
heap-based
|
overflows
|
Multiple
|
buffer
|
Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
Buffer overflow in the HTTP management interfac
MailSecurity
|
management
|
interface
|
attackers
|
arbitrary
|
overflow
|
headers
|
execute
|
remote
|
Buffer
|
allows
|
long
|
such
|
HTTP
|
code
|
GFI
|
via
|
Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
SQL injection vulnerability in index.php in php
vulnerability
|
phpComasy
|
injection
|
indexphp
|
SQL
|
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php.
Untrusted search path vulnerability in opcontro
vulnerability
|
opcontrol
|
Untrusted
|
OProfile
|
search
|
path
|
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.
** DISPUTED ** Cross-site scripting (XSS) vuln
Cross-site
|
scripting
|
DISPUTED
|
** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem.
** DISPUTED ** Multiple SQL injection vulnerab
vulnerabilities
|
Ecommerce
|
arbitrary
|
attackers
|
injection
|
Multiple
|
commands
|
DISPUTED
|
execute
|
remote
|
allow
|
via
|
SQL
|
** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem.
Cross-site scripting (XSS) vulnerability in ind
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.
Directory traversal vulnerability in include/in
include/inc_ext/spaw/spaw_controlclassphp
|
vulnerability
|
attackers
|
arbitrary
|
traversal
|
Directory
|
include
|
phpwcms
|
125-DEV
|
allows
|
remote
|
files
|
local
|
via
|
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition.
Eitsop My Web Server 1.0 allows remote attacker
attackers
|
service
|
remote
|
denial
|
Eitsop
|
Server
|
allows
|
cause
|
Web
|
Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897.
PHP remote file inclusion vulnerability in admi
admin/adminphp
|
vulnerability
|
attackers
|
inclusion
|
parameter
|
arbitrary
|
execute
|
allows
|
remote
|
Piadas
|
page
|
code
|
file
|
PHP
|
via
|
PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or script.
PHP remote file inclusion vulnerability in admi
admin/editeur/spaw_controlclassphp
|
vulnerability
|
parameter
|
attackers
|
spaw_root
|
arbitrary
|
inclusion
|
Provence
|
execute
|
earlier
|
SL_Site
|
remote
|
allows
|
code
|
file
|
Web
|
PHP
|
via
|
URL
|
PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition.
Buffer overflow in MA521nd5.SYS driver 5.148.72
MA521nd5SYS
|
overflow
|
driver
|
Buffer
|
Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with an long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow.
FileZilla Server before 0.9.22 allows remote at
FileZilla
|
before
|
Server
|
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
FileZilla Server before 0.9.22 allows remote at
FileZilla
|
before
|
Server
|
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-????. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
include.php in Shoutpro 1.0 might allow remote
restrictions
|
bannedipsphp
|
includephp
|
attackers
|
parameter
|
alternate
|
Shoutpro
|
points
|
remote
|
bypass
|
might
|
allow
|
file
|
path
|
ban
|
via
|
URL
|
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.
Multiple SQL injection vulnerabilities in ATuto
vulnerabilities
|
injection
|
Multiple
|
ATutor
|
SQL
|
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
ZixForum 1.14 and earlier stores sensitive info
ZixForum
|
ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.
index.php in WebMplayer before 0.6.1-Alpha allo
metacharacters
|
WebMplayer
|
attackers
|
arbitrary
|
061-Alpha
|
indexphp
|
function
|
execute
|
allows
|
before
|
remote
|
shell
|
code
|
call
|
exec
|
via
|
index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.
Software vulnerabilities results 1 to 20 of 41
Page:
1
2
3
►