use software vulnerabilities
vulnerabilities.aspcode.net
Searching use software vulnerabilities
In older versions of Sendmail, an attacker coul
character
|
attacker
|
commands
|
versions
|
Sendmail
|
execute
|
older
|
could
|
root
|
pipe
|
use
|
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
ARCserve NT agents use weak encryption (XOR) fo
encryption
|
ARCserve
|
agents
|
weak
|
use
|
ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.
ORBit and esound in Red Hat Linux 6.1 do not us
authentication
|
sufficiently
|
numbers
|
allows
|
random
|
esound
|
local
|
users
|
ORBit
|
guess
|
which
|
Linux
|
keys
|
not
|
use
|
Hat
|
Red
|
ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.
violation.php3 in Phorum 3.0.7 allows remote at
violationphp3
|
Phorum
|
violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
Configuration error in Axent Raptor Firewall 6.
Configuration
|
httpnoproxy
|
attackers
|
resources
|
internal
|
Firewall
|
access
|
Raptor
|
remote
|
allows
|
error
|
Axent
|
proxy
|
Rule
|
set
|
not
|
use
|
web
|
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
keyinit in S/Key does not require authenticatio
authentication
|
initialize
|
privileges
|
activities
|
passwords
|
password
|
attacker
|
sequence
|
one-time
|
keyinit
|
account
|
require
|
gained
|
create
|
allows
|
which
|
S/Key
|
other
|
does
|
user
|
such
|
sudo
|
may
|
has
|
not
|
use
|
new
|
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
DB4Web server, when configured to use verbose d
connections
|
configured
|
attackers
|
messages
|
verbose
|
systems
|
attempt
|
remote
|
DB4Web
|
server
|
allows
|
other
|
debug
|
proxy
|
use
|
TCP
|
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 d
privileges
|
attackers
|
properly
|
process
|
OpenVMS
|
allows
|
access
|
Alpha
|
which
|
ACMS
|
data
|
does
|
not
|
use
|
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data.
Novell eDirectory 8.6.2 and 8.7 use case insens
eDirectory
|
Novell
|
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.
OpenSSL does not use RSA blinding by default, w
determining
|
differences
|
attackers
|
blinding
|
server's
|
private
|
OpenSSL
|
factors
|
default
|
obtain
|
timing
|
allows
|
remote
|
using
|
which
|
local
|
does
|
not
|
key
|
RSA
|
use
|
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Postfix 1.1.11 and earlier allows remote attack
Postfix
|
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
BEA WebLogic Express and Server 7.0 through 8.1
circumstances
|
WebLogic
|
through
|
certain
|
request
|
Express
|
Server
|
under
|
over
|
SSL
|
BEA
|
use
|
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
Multiple content security gateway and antivirus
restrictions
|
non-standard
|
incorrectly
|
interpreted
|
differently
|
characters
|
separators
|
parameters
|
separator
|
attackers
|
antivirus
|
Multiple
|
standard
|
security
|
products
|
messages
|
content
|
headers
|
gateway
|
clients
|
fields
|
values
|
bypass
|
remote
|
within
|
which
|
allow
|
MIME
|
mail
|
use
|
via
|
may
|
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard separator characters, or use standard separators incorrectly, within MIME headers, fields, parameters, or values, which may be interpreted differently by mail clients.
The framebuffer driver in Linux kernel 2.6.x do
fb_copy_cmap
|
framebuffer
|
properly
|
function
|
unknown
|
kernel
|
driver
|
impact
|
Linux
|
does
|
26x
|
not
|
use
|
The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.
OpenLDAP 1.0 through 2.1.19, as used in Apple M
OpenLDAP
|
through
|
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
Midnight commander (mc) 4.5.55 and earlier allo
commander
|
Midnight
|
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
Free SMTP Server 2.2 allows remote attackers to
attackers
|
allows
|
remote
|
Server
|
relay
|
open
|
mail
|
SMTP
|
Free
|
use
|
Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy).
MOHA Chat 0.1b7 and earlier does not require au
authentication
|
vectors
|
require
|
unknown
|
earlier
|
attack
|
impact
|
which
|
does
|
MOHA
|
Chat
|
01b7
|
plug
|
use
|
not
|
has
|
API
|
MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.
putmail.py in Putmail before 1.4 does not detec
information
|
encryption
|
attackers
|
plaintext
|
putmailpy
|
sensitive
|
believes
|
username
|
password
|
attempts
|
Putmail
|
support
|
allows
|
obtain
|
remote
|
server
|
before
|
detect
|
causes
|
while
|
which
|
send
|
user
|
does
|
not
|
TLS
|
use
|
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.
Buffer overflow in Hitachi Cosminexus V4 throug
Cosminexus
|
Processing
|
overflow
|
through
|
Hitachi
|
before
|
Buffer
|
XML
|
Kit
|
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before Friday, May 11, 2007, Developer's Kit for Java before Monday, March 12, 2007, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.
Software vulnerabilities results 1 to 20 of 479
Page:
1
2
3
4
5
...
24
►