Searching usage software vulnerabilities

Microsoft Internet Explorer 6.0 and earlier all

showModelessDialog | Microsoft | released | infinite | modeless | Explorer | Internet | service | earlier | dialogs | dialog | causes | denial | allows | focus | usage | while | local | cause | users | which | loop | via | not | CPU |

Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.


NTFS file system in Windows NT 4.0 and Windows

Windows | system | NTFS | file |

NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.


TeeKai Forum 1.2 uses weak encryption of web us

data/member_logtxt | insufficient | encryption | statistics | attackers | dividing | document | visiting | identify | control | TeeKai | access | remote | allows | stored | Forum | octet | usage | under | which | each | uses | hash | '20' | IP's | root | site | weak | web | MD5 |

TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.


TeeKai Tracking Online 1.0 uses weak encryption

data/userlog/logtxt | encryption | statistics | attackers | dividing | Tracking | identify | visiting | remote | allows | Online | TeeKai | usage | which | octet | '20' | hash | each | uses | weak | site | IP's | web | MD5 |

TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.


Multiple buffer overflows in apcupsd before 3.8

overflows | Multiple | apcupsd | before | buffer |

Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.


Unknown vulnerability in fs_usage in Mac OS X 1

vulnerability | fs_usage | Unknown | Mac |

Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors.


Certain USB drivers in the Linux 2.4 kernel use

uninitialized | copy_to_user | information | structures | sensitive | function | previous | Certain | reading | drivers | cleared | obtain | kernel | memory | usage | could | which | Linux | users | local | allow | USB | not | use |

Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.


HttpRequest.java in Jetty HTTP Server before 4.

HttpRequestjava | before | Server | Jetty | HTTP |

HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.


mntd_mount.c in mntd before 0.4.2 might allow l

mntd_mountc | before | mntd |

mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerability because there is not necessarily any common usage in which privilege boundaries are crossed. Typical usage would restrict write access to the configuration file.


Unknown vulnerability in Solaris 8 and 9 allows

vulnerability | attackers | service | Unknown | Solaris | denial | allows | remote | cause |

Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.


DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:

CANDIDATE | NUMBER | NOT | USE |

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1915. Reason: This candidate is a duplicate of CVE-2005-1915. Notes: All CVE users should reference CVE-2005-1915 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.


BEA WebLogic Server and WebLogic Express 8.1 SP

unauthorized | incorrect | scenarios | detection | attackers | WebLogic | severity | actions | Express | earlier | perform | certain | Server | levels | "heavy | usage" | report | allow | avoid | event | audit | might | which | BEA | SP6 | SP4 |

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection.


NCP Network Communication Secure Client 8.11 Bu

Communication | Network | Secure | Client | NCP |

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks.


Cross-site scripting (XSS) vulnerability in inc

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.


** DISPUTED ** PHP remote file inclusion vulne

install/upgrade_301php | vulnerability | inclusion | vBulletin | DISPUTED | Jelsoft | remote | file | PHP |

** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system."


Panda Platinum Internet Security 2006 10.02.01

Internet | Security | Platinum | Panda |

Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns.


PHP remote file inclusion vulnerability in bb_u

bb_usage_stats/includes/bb_usage_statsphp | vulnerability | inclusion | remote | phpBB | file | PHP |

PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.


Apache SpamAssassin before 3.1.8 allows remote

SpamAssassin | before | Apache |

Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."


Buffer overflow in cli32 in Areca CLI 1.72.250

overflow | Buffer | Areca | cli32 | CLI |

Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid.


The dl function in PHP 5.2.4 and earlier allows

function | PHP |

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.


Software vulnerabilities results 1 to 20 of 27     
Page: 12