those software vulnerabilities
vulnerabilities.aspcode.net
Searching those software vulnerabilities
Windows NT 4.0 SP2 allows remote attackers to c
attackers
|
service
|
Windows
|
denial
|
allows
|
remote
|
cause
|
SP2
|
Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25.
The SuSE aaa_base package installs some system
directories
|
privileges
|
standard
|
accounts
|
creating
|
profiles
|
aaa_base
|
installs
|
package
|
scripts
|
startup
|
allows
|
system
|
those
|
users
|
local
|
which
|
user
|
such
|
some
|
/tmp
|
gain
|
home
|
SuSE
|
set
|
The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.
CommonName Toolbar 3.5.2.0 sends unqualified do
CommonName
|
Toolbar
|
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.
Multiple unknown vulnerabilities in Nessus befo
vulnerabilities
|
Multiple
|
unknown
|
before
|
Nessus
|
Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus."
The /proc filesystem in Linux allows local user
information
|
permissions
|
/proc/self
|
filesystem
|
sensitive
|
ownership
|
executing
|
various
|
entries
|
program
|
opening
|
allows
|
setuid
|
change
|
causes
|
obtain
|
before
|
/proc
|
Linux
|
those
|
local
|
which
|
users
|
fail
|
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
The RPM installation of SAP DB 7.x creates the
installation
|
creates
|
SAP
|
RPM
|
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
BEA WebLogic Server and Express 7.0 and 7.0.0.1
WebLogic
|
Express
|
Server
|
BEA
|
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
The built-in web servers for multiple networkin
networking
|
attribute
|
sensitive
|
plaintext
|
sessions
|
multiple
|
built-in
|
servers
|
cookies
|
devices
|
session
|
Secure
|
server
|
cause
|
agent
|
those
|
which
|
HTTPS
|
could
|
over
|
same
|
HTTP
|
user
|
send
|
not
|
web
|
set
|
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.
Multiple unknown vulnerabilities in Linux kerne
vulnerabilities
|
CVE-2004-0495
|
privileges
|
identified
|
different
|
Multiple
|
checking
|
unknown
|
memory
|
source
|
Sparse
|
kernel
|
access
|
found
|
local
|
Linux
|
allow
|
those
|
users
|
code
|
gain
|
than
|
tool
|
set
|
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
Claim Anti-Virus (ClamAV) 0.68 and earlier allo
Anti-Virus
|
Claim
|
Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.
The Solaris Management Console (SMC) GUI for So
Management
|
Console
|
Solaris
|
The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.
Certain BSD-based Telnet clients, including tho
environment
|
ENV_USERVAR
|
NEW-ENVIRON
|
variables
|
malicious
|
BSD-based
|
sensitive
|
including
|
command
|
Certain
|
clients
|
Solaris
|
servers
|
option
|
Telnet
|
remote
|
those
|
Linux
|
allow
|
SEND
|
used
|
read
|
SuSE
|
via
|
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Belkin 54G (F5D7130) wireless router allows rem
Belkin
|
54G
|
Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication.
Directory traversal vulnerability in the third
vulnerability
|
Castlehill
|
including
|
Directory
|
attackers
|
arbitrary
|
sequences
|
traversal
|
iSeries
|
qsyslib
|
request
|
remote
|
access
|
allows
|
AS/400
|
secure
|
server
|
party
|
those
|
third
|
files
|
tool
|
used
|
FTP
|
GET
|
via
|
Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
Directory traversal vulnerability in the third
vulnerability
|
including
|
Powertech
|
arbitrary
|
attackers
|
traversal
|
Directory
|
sequences
|
qsyslib
|
iSeries
|
request
|
remote
|
access
|
allows
|
AS/400
|
secure
|
server
|
party
|
those
|
third
|
files
|
tool
|
used
|
FTP
|
GET
|
via
|
Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
Directory traversal vulnerability in the third
vulnerability
|
including
|
attackers
|
arbitrary
|
sequences
|
traversal
|
Directory
|
iSeries
|
qsyslib
|
request
|
allows
|
remote
|
access
|
AS/400
|
secure
|
server
|
those
|
party
|
third
|
Bsafe
|
files
|
used
|
tool
|
FTP
|
GET
|
via
|
Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
Directory traversal vulnerability in the third
vulnerability
|
including
|
SafeStone
|
arbitrary
|
attackers
|
traversal
|
Directory
|
sequences
|
qsyslib
|
iSeries
|
request
|
remote
|
access
|
allows
|
AS/400
|
secure
|
server
|
party
|
those
|
third
|
files
|
tool
|
used
|
FTP
|
GET
|
via
|
Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
PostgreSQL 7.3.x through 8.0.x gives public EXE
vulnerability"
|
unprivileged
|
PostgreSQL
|
conversion
|
"Character
|
malicious
|
functions
|
character
|
unknown
|
EXECUTE
|
through
|
certain
|
impact
|
values
|
access
|
public
|
allows
|
those
|
which
|
gives
|
users
|
call
|
73x
|
80x
|
aka
|
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
fixproc in Net-snmp 5.x before 5.2.1-r1 creates
insecurely
|
arbitrary
|
temporary
|
overwrite
|
commands
|
Net-snmp
|
contents
|
execute
|
symlink
|
creates
|
fixproc
|
before
|
521-r1
|
allows
|
attack
|
modify
|
which
|
files
|
local
|
those
|
users
|
via
|
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
Multiple unspecified vulnerabilities in MyBulle
vulnerabilities
|
MyBulletinBoard
|
unspecified
|
Multiple
|
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.
Software vulnerabilities results 1 to 20 of 70
Page:
1
2
3
4
►