Searching used software vulnerabilities


A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.


IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.


Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.


Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.


Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.


eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.


Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.


Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.


Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.


Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.


The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.


User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.


Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.


Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.


Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.


Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message.


PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.


Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.


Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.


Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.


Software vulnerabilities results 1 to 20 of 940