targets software vulnerabilities
vulnerabilities.aspcode.net
Searching targets software vulnerabilities
SSH, as implemented in OpenSSH before 4.0 and p
implementations
|
known_hosts
|
compromised
|
implemented
|
additional
|
hostnames
|
plaintext
|
addresses
|
generate
|
possibly
|
password
|
attacker
|
account
|
OpenSSH
|
targets
|
user's
|
stores
|
likely
|
before
|
easier
|
which
|
other
|
makes
|
more
|
same
|
have
|
list
|
file
|
keys
|
key
|
SSH
|
has
|
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
Google Mini Search Appliance, and possibly Goog
arbitrary
|
attackers
|
comparing
|
resulting
|
determine
|
Appliance
|
messages
|
possibly
|
modified
|
targets
|
Google
|
allows
|
closed
|
Search
|
remote
|
error
|
ports
|
hosts
|
port
|
open
|
Mini
|
then
|
URLs
|
scan
|
via
|
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.
Google Desktop allows user-assisted remote atta
HTTP-EQUIV="refresh"
|
man-in-the-middle
|
user-assisted
|
wwwgooglecom
|
JavaScript
|
computer"
|
arbitrary
|
displayed
|
attackers
|
"results
|
programs
|
targets
|
injects
|
clicked
|
Desktop
|
invokes
|
results
|
portion
|
execute
|
stored
|
attack
|
search
|
remote
|
Google
|
allows
|
IFRAME
|
which
|
local
|
file
|
META
|
your
|
exe
|
via
|
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.
Cisco 4100 and 4400, Airespace 4000, and Cataly
Cisco
|
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374.
Software vulnerabilities results 1 to 5 of 5
Page:
1