user agent software vulnerabilities
vulnerabilities.aspcode.net
Searching user agent software vulnerabilities
Buffer overflow in w3-auth CGI program in miniS
arbitrary
|
attackers
|
commands
|
overflow
|
package
|
execute
|
w3-auth
|
request
|
miniSQL
|
program
|
Buffer
|
allows
|
remote
|
HTTP
|
CGI
|
via
|
Buffer overflow in w3-auth CGI program in miniSQL package allows remote attackers to execute arbitrary commands via an HTTP request with (1) a long URL, or (2) a long User-Agent MIME header.
Buffer overflow in ddicgi.exe in Mobius Documen
DocumentDirect
|
User-Agent
|
parameter
|
arbitrary
|
ddicgiexe
|
attackers
|
commands
|
overflow
|
Internet
|
execute
|
Buffer
|
Mobius
|
remote
|
allows
|
long
|
via
|
Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long User-Agent parameter.
Buffer overflow in SHOUTcast Server 1.8.2 allow
SHOUTcast
|
overflow
|
Server
|
Buffer
|
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
Buffer overflow in CrazyWWWBoard 2000p4 and 200
HTTP_USER_AGENT
|
CrazyWWWBoard
|
environment
|
arbitrary
|
attackers
|
variable
|
overflow
|
2000LEp5
|
execute
|
2000p4
|
allows
|
remote
|
Buffer
|
code
|
long
|
via
|
CGI
|
Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable.
Cross-site scripting vulnerability in DeepMetri
vulnerability
|
DeepMetrix
|
Cross-site
|
LiveStats
|
scripting
|
Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program.
Ximian Evolution Mail User Agent 1.2.2 and earl
Evolution
|
Ximian
|
Agent
|
User
|
Mail
|
Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.
Buffer overflow in BRS WebWeaver 1.06 and earli
WebWeaver
|
overflow
|
Buffer
|
BRS
|
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
The built-in web servers for multiple networkin
networking
|
attribute
|
sensitive
|
plaintext
|
sessions
|
multiple
|
built-in
|
servers
|
cookies
|
devices
|
session
|
Secure
|
server
|
cause
|
agent
|
those
|
which
|
HTTPS
|
could
|
over
|
same
|
HTTP
|
user
|
send
|
not
|
web
|
set
|
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.
Cross-site scripting (XSS) vulnerability in the
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
Cross-site scripting (XSS) vulnerability in Nih
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
SQL injection vulnerability in addentry.php in
vulnerability
|
addentryphp
|
user-agent
|
arbitrary
|
attackers
|
parameter
|
injection
|
versions
|
possibly
|
commands
|
Woltlab
|
Burning
|
execute
|
remote
|
allows
|
other
|
Book
|
Gold
|
111e
|
SQL
|
via
|
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.
Buffer overflow in the cmdIS.DLL plugin for AN
User-Agent
|
attackers
|
arbitrary
|
cmdISDLL
|
overflow
|
request
|
execute
|
Server
|
Buffer
|
plugin
|
remote
|
allows
|
header
|
HTTPD
|
long
|
code
|
142n
|
HTTP
|
via
|
Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.
SQL injection vulnerability in index.php for Me
vulnerability
|
MercuryBoard
|
injection
|
indexphp
|
SQL
|
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
Stack-based buffer overflow in the NMAP Agent f
Stack-based
|
arbitrary
|
possibly
|
versions
|
overflow
|
execute
|
earlier
|
command
|
NetMail
|
allows
|
buffer
|
Novell
|
users
|
Agent
|
local
|
long
|
name
|
user
|
NMAP
|
352C
|
code
|
via
|
Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command.
SQL injection vulnerability in Quicksilver Foru
vulnerability
|
Quicksilver
|
injection
|
before
|
Forums
|
SQL
|
SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header.
Cross-site scripting (XSS) vulnerability in gbo
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field.
The CAPTCHA functionality in php-Nuke 6.0 throu
challenge/response
|
functionality
|
php-Nuke
|
through
|
CAPTCHA
|
based
|
Agent
|
pairs
|
fixed
|
uses
|
User
|
only
|
vary
|
once
|
per
|
day
|
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
SQL injection vulnerability in WordPress 1.5.2,
vulnerability
|
WordPress
|
injection
|
SQL
|
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.
SSH Tectia Management Agent 2.1.2 allows local
Management
|
Tectia
|
Agent
|
SSH
|
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges.
Cross-site scripting (XSS) vulnerability in adm
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via 91) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable.
Software vulnerabilities results 1 to 20 of 2009
Page:
1
2
3
4
5
...
101
►