supports software vulnerabilities
vulnerabilities.aspcode.net
Searching supports software vulnerabilities
System Manager sysmgr GUI in SGI IRIX 6.4 and 6
providing
|
attackers
|
commands
|
execute
|
Manager
|
remote
|
trojan
|
System
|
sysmgr
|
allows
|
horse
|
IRIX
|
SGI
|
GUI
|
System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.
Xylan OmniSwitch before 3.2.6 allows remote att
OmniSwitch
|
before
|
Xylan
|
Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time.
Beck GmbH IPC@Chip TelnetD service supports onl
administrator
|
connection
|
disconnect
|
connecting
|
attackers
|
complete
|
IPC@Chip
|
supports
|
TelnetD
|
service
|
process
|
account
|
allows
|
remote
|
which
|
login
|
lock
|
GmbH
|
only
|
does
|
user
|
Beck
|
not
|
one
|
out
|
Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.
Information leaks in IIS 4 through 5.1 allow re
potentially
|
Information
|
attackers
|
responses
|
sensitive
|
through
|
conduct
|
attacks
|
easily
|
remote
|
server
|
obtain
|
leaks
|
which
|
force
|
allow
|
brute
|
more
|
IIS
|
via
|
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (1) the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages, (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request.
Sun Ray Server Software (SRSS) 1.3, when Non-Sm
Software
|
Server
|
Sun
|
Ray
|
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client.
Buffer overflow in the SockPrintf function in w
SockPrintf
|
function
|
overflow
|
wu-ftpd
|
Buffer
|
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
SCO OpenServer 5.0.5 through 5.0.7 only support
OpenServer
|
SCO
|
SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.
The default installation of Fastream NETFile FT
installation
|
Fastream
|
FTP/Web
|
NETFile
|
default
|
Server
|
The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service.
Simple Machines Forum (SMF) 1-0-5 and earlier s
Machines
|
Simple
|
Forum
|
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
scponlyc in scponly 4.1 and earlier, when the o
application
|
LD_PRELOAD
|
mechanisms
|
privileges
|
operating
|
directory
|
arbitrary
|
modified
|
creating
|
scponlyc
|
supports
|
function
|
expected
|
scponly
|
linking
|
earlier
|
execute
|
setuid
|
modify
|
chroot
|
allows
|
system
|
using
|
users
|
local
|
calls
|
their
|
hard
|
home
|
code
|
root
|
scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application.
** DISPUTED ** Directory traversal vulnerabilit
vulnerability
|
workspacesphp
|
phpXplorer
|
Directory
|
traversal
|
DISPUTED
|
** DISPUTED ** Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root.
Directory traversal vulnerability in action.php
vulnerability
|
phpXplorer
|
attackers
|
arbitrary
|
Directory
|
traversal
|
actionphp
|
allows
|
remote
|
files
|
read
|
via
|
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability.
Tor before 0.1.1.20 supports server descriptors
before
|
Tor
|
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
Asterisk 1.2.10 supports the use of client-cont
Asterisk
|
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.
The default configuration in OpenAFS 1.4.x befo
configuration
|
OpenAFS
|
default
|
before
|
14x
|
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
mirror --script in lftp before 3.5.9 does not p
--script
|
before
|
mirror
|
lftp
|
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Format string vulnerability in the MprLogToFile
vulnerability
|
string
|
Format
|
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
Software vulnerabilities results 1 to 18 of 18
Page:
1