time software vulnerabilities
vulnerabilities.aspcode.net
Searching time software vulnerabilities
Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others.
Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time.
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp.
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time.
Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.
PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session.
KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess.
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks.
Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication.
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.
Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain "out of period" choices of packet transmission time.
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
Software vulnerabilities results 1 to 20 of 118