unicode software vulnerabilities
vulnerabilities.aspcode.net
Searching unicode software vulnerabilities
Aladdin eSafe Gateway versions 3.0 and earlier
circumvent
|
filtering
|
attacker
|
document
|
encoding
|
versions
|
Aladdin
|
Gateway
|
UNICODE
|
earlier
|
within
|
remote
|
allows
|
SCRIPT
|
eSafe
|
tags
|
HTML
|
via
|
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document.
Lotus Domino R5 prior to 5.0.7 allows a remote
Domino
|
prior
|
Lotus
|
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters.
Microsoft IIS 4.0 and before, when installed on
partition
|
installed
|
Microsoft
|
attacker
|
encoded
|
Unicode
|
obtain
|
source
|
allows
|
before
|
remote
|
files
|
code
|
URL
|
FAT
|
IIS
|
ASP
|
via
|
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
Netegrity SiteMinder 3.6 through 4.5.1 allows r
SiteMinder
|
Netegrity
|
through
|
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
Macromedia JRun 3.0, 3.1, and 4.0 allow remote
Macromedia
|
attackers
|
character
|
encoded
|
Unicode
|
source
|
remote
|
values
|
files
|
allow
|
view
|
JRun
|
code
|
URL
|
via
|
JSP
|
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.
The HTTP proxy for Symantec Enterprise Firewall
Enterprise
|
Firewall
|
Symantec
|
proxy
|
HTTP
|
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
HP OpenView Select Access 5.0 through 6.0 does
restrictions
|
characters
|
correctly
|
attackers
|
OpenView
|
encoded
|
unicode
|
through
|
Access
|
remote
|
decode
|
Select
|
bypass
|
allow
|
could
|
UTF-8
|
which
|
does
|
URL
|
not
|
HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions.
RXVT-Unicode 3.4 and 3.5 does not properly clos
RXVT-Unicode
|
descriptors
|
privileges
|
terminals
|
possibly
|
properly
|
allows
|
access
|
close
|
other
|
users
|
which
|
local
|
gain
|
does
|
file
|
not
|
RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges.
Buffer overflow in command.C for rxvt-unicode b
rxvt-unicode
|
containing
|
arbitrary
|
sequences
|
attackers
|
commandC
|
overflow
|
crafted
|
execute
|
allows
|
before
|
escape
|
remote
|
Buffer
|
long
|
code
|
file
|
via
|
Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences.
The SMTP service in MailEnable Enterprise 1.04
MailEnable
|
Enterprise
|
service
|
SMTP
|
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.
Firefox before 1.0.7 and Mozilla Suite before 1
Firefox
|
before
|
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
Buffer overflow vulnerability in the unicode_to
unicode_to_bytes
|
vulnerability
|
Location
|
Protocol
|
overflow
|
Service
|
Buffer
|
Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal allows remote attackers to execute arbitrary code via a srvloc packet with a modified length value.
estcmd in Hyper Estraier 1.0.1 on Windows syste
Estraier
|
estcmd
|
Hyper
|
estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.
Buffer overflow in Microsoft Outlook Express 5.
attackers
|
arbitrary
|
Microsoft
|
overflow
|
execute
|
crafted
|
Windows
|
Outlook
|
Express
|
Address
|
remote
|
allows
|
Buffer
|
Book
|
code
|
via
|
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Buffer overflow in SecureCRT 5.0.4 and earlier
SecureCRT
|
overflow
|
Buffer
|
Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string.
Buffer overflow in ArgoSoft FTP Server 1.4.3.6
ArgoSoft
|
overflow
|
Server
|
Buffer
|
FTP
|
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.
Cross-site scripting (XSS) vulnerability in cal
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter.
The Nokia Browser, possibly Nokia Symbian 60 Br
attackers
|
possibly
|
edition
|
service
|
Browser
|
Symbian
|
denial
|
remote
|
allows
|
Nokia
|
cause
|
3rd
|
The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.
Format string vulnerability in Songbird Media P
vulnerability
|
attackers
|
Songbird
|
earlier
|
service
|
string
|
denial
|
Format
|
remote
|
Player
|
allows
|
Media
|
cause
|
Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked.
Directory traversal vulnerability in SAFileUpSa
SAFileUpSamples/util/viewsrcasp
|
vulnerability
|
SoftArtisans
|
Directory
|
traversal
|
FileUp
|
Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences.
Software vulnerabilities results 1 to 20 of 49
Page:
1
2
3
►