Searching unauthenticated software vulnerabilities

The installation of Novell Netware NDS 5.99 pro

installation | Netware | Novell | NDS |

The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.


Cisco Secure Access Control Server (ACS) 3.2(3)

Control | Server | Access | Secure | Cisco |

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.


Xerox MicroServer Web Server for various WorkCe

MicroServer | M35/M45/M55 | WorkCentre | including | products | various | Server | Xerox | Web |

Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.


The Mini FTP server in Novell iChain 2.2 and 2.

unauthenticated | attackers | earlier | command | obtain | allows | remote | Novell | server | iChain | full | path | Mini | PWD | via | SP2 | FTP |

The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command.


VERITAS Backup Exec Server (beserver.exe) 9.0 t

VERITAS | Server | Backup | Exec |

VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.


Unknown vulnerability in Blue Coat Reporter bef

vulnerability | Reporter | Unknown | before | Blue | Coat |

Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license.


delete.php in Plague News System 0.6 and earlie

unauthenticated | attackers | deletephp | parameter | modifying | comments | shoutbox | earlier | Plague | delete | allows | remote | System | posts | News |

delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.


Multiple format string vulnerabilities in loggi

vulnerabilities | mod_auth_pgsql | functions | Multiple | logging | before | format | string |

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.


telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x

Heimdal | telnetd | before | 06x |

telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.


digestmd5.c in the CMU Cyrus Simple Authenticat

Authentication | digestmd5c | Security | Simple | Layer | Cyrus | CMU |

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.


Buffer overflow in the Routing and Remote Acces

overflow | service | Routing | Buffer | Access | Remote |

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php.


SQL injection vulnerability in admin/editer.php

admin/editerphp | authenticated | vulnerability | arbitrary | parameter | injection | commands | execute | allows | remote | Forum | users | id2 | SQL | via |

SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.


Unrestricted file upload vulnerability in TFT-G

administrators | admin/indexphp | authenticated | vulnerability | Unrestricted | TFT-Gallery | arbitrary | possibly | allows | remote | upload | using | files | file | php |

Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector.


FON La Fonera routers do not properly limit DNS

unauthenticated | authentication | accessible | attackers | requests | properly | clients | service | traffic | routers | remote | tunnel | allows | before | Fonera | should | access | hosts | limit | which | FON | not | via | DNS |

FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.


Mozilla Firefox does not warn the user about HT

unauthenticated | documentwrite | dynamically | attackers | phishing | elements | created | attacks | delayed | conduct | content | Firefox | Mozilla | allows | remote | supply | HTTPS | which | does | warn | HTTP | page | user | not |

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.


Direct static code injection vulnerability in a

admin/settingsphp | vulnerability | injection | Direct | MyBlog | static | code |

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.


Unspecified vulnerability in Jelsoft vBulletin

vulnerability | Unspecified | vBulletin | Jelsoft | before |

Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.


Directory traversal vulnerability in admin/plug

admin/plugin_managerphp | administrators | vulnerability | authenticated | arbitrary | traversal | Directory | include | Jasmine | execute | allows | remote | local | files | CMS |

Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.


Unspecified vulnerability in Cisco IOS 12.0 thr

vulnerability | Unspecified | Cisco | IOS |

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.


Software vulnerabilities results 1 to 20 of 30     
Page: 12