uninitialized software vulnerabilities
vulnerabilities.aspcode.net
Searching uninitialized software vulnerabilities
Simple Web Server (SWS) 0.0.4 through 0.1.0 doe
Server
|
Simple
|
Web
|
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution.
ldbm_back_exop_passwd in the back-ldbm backend
ldbm_back_exop_passwd
|
back-ldbm
|
OpenLDAP
|
passwdc
|
backend
|
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
Certain USB drivers in the Linux 2.4 kernel use
uninitialized
|
copy_to_user
|
information
|
structures
|
sensitive
|
function
|
previous
|
Certain
|
reading
|
drivers
|
cleared
|
obtain
|
kernel
|
memory
|
usage
|
could
|
which
|
Linux
|
users
|
local
|
allow
|
USB
|
not
|
use
|
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
The DSS verification code in Dropbear SSH Serve
verification
|
Dropbear
|
Server
|
before
|
code
|
DSS
|
SSH
|
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
Mail.app in Mail for Apple Mac OS X 10.3.9, whe
Mailapp
|
Apple
|
Mail
|
Mac
|
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
pnmtopng in netpbm before 10.25, when using the
pnmtopng
|
before
|
netpbm
|
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
Multiple eval injection vulnerabilities in the
vulnerabilities
|
injection
|
function
|
Multiple
|
PHPKIT
|
eval
|
help
|
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables.
The ipfw firewall in FreeBSD 6.0-RELEASE allows
60-RELEASE
|
attackers
|
firewall
|
service
|
FreeBSD
|
denial
|
allows
|
remote
|
cause
|
ipfw
|
The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer.
The LDAP component in Fedora Directory Server 1
Directory
|
attackers
|
component
|
service
|
remote
|
denial
|
Fedora
|
Server
|
cause
|
allow
|
LDAP
|
The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite.
WordPress 2.0.3 allows remote attackers to obta
WordPress
|
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.
Microsoft Internet Explorer 6 allows remote att
attackers
|
Microsoft
|
Explorer
|
Internet
|
service
|
denial
|
allows
|
remote
|
cause
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference.
Microsoft Internet Explorer 6 allows remote att
attackers
|
Microsoft
|
Explorer
|
Internet
|
service
|
denial
|
allows
|
remote
|
cause
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
inclusion
|
Multiple
|
Phorum
|
remote
|
file
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.
Apple QuickTime before 7.1.3 allows user-assist
QuickTime
|
before
|
Apple
|
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
Grisoft AVG Anti-Virus before 7.1.407 has unkno
Anti-Virus
|
Grisoft
|
before
|
AVG
|
Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file.
The if_clone_list function in NetBSD-current be
NetBSD-current
|
if_clone_list
|
function
|
before
|
The if_clone_list function in NetBSD-current before Friday, October 27, 2006, NetBSD 3.0 and 3.0.1 before Friday, October 27, 2006, and NetBSD 2.x before Sunday, November 19, 2006 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors.
The HTML Help ActiveX control (Hhctrl.ocx) in M
ActiveX
|
control
|
HTML
|
Help
|
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
The TrueType Fonts rasterizer in Microsoft Wind
rasterizer
|
Microsoft
|
TrueType
|
Windows
|
Fonts
|
The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
The soap extension in PHP calls php_rand_r with
mcrypt_create_iv
|
uninitialized
|
CVE-2007-2727
|
php_rand_r
|
extension
|
variable
|
covered
|
unknown
|
vectors
|
related
|
impact
|
attack
|
issue
|
calls
|
which
|
soap
|
seed
|
PHP
|
has
|
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.
input.c in VideoLAN VLC Media Player before 0.8
attackers
|
VideoLAN
|
service
|
denial
|
allows
|
remote
|
inputc
|
Player
|
before
|
cause
|
Media
|
086c
|
VLC
|
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
Software vulnerabilities results 1 to 20 of 32
Page:
1
2
►