Searching using software vulnerabilities

finger allows recursive searches by using a lon

recursive | searches | symbols | string | allows | finger | using | long |

finger allows recursive searches by using a long string of @ symbols.


Denial of service in Cisco IOS web server allow

attackers | service | allows | router | reboot | server | Denial | using | Cisco | long | URL | IOS | web |

Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL.


Remote attackers can access mail files via POP3

passwords | attackers | systems | shadow | Remote | access | Linux | using | files | mail | some | POP3 | can | via |

Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords.


In IIS, an attacker could determine a real path

non-existent | interpreted | determine | attacker | request | would | using | could | Perl | path | real | IIS | URL |

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe) .


Local users can perform a denial of service in

perform | service | denial | reboot | Linux | using | force | users | Local | Alpha | MILO | can |

Local users can perform a denial of service in Alpha Linux, using MILO to force a reboot.


Remote attackers can crash Lynx and Internet Ex

attackers | parameter | Internet | Explorer | Remote | width | large | using | crash | Lynx | can | IMG | tag |

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.


The Webcom CGI Guestbook programs wguest.exe an

"template" | wguestexe | rguestexe | arbitrary | parameter | Guestbook | attacker | programs | Webcom | remote | using | files | allow | read | CGI |

The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter.


A remote attacker can gain access to a file sys

attacker | system | access | remote | using | file | gain | can |

A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.


An unrestricted remote trust relationship for U

/etc/hostsequiv | relationship | unrestricted | systems | remote | using | trust | sign | Unix | been | set | has |

An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.


Windows NT is not using a password filter utili

PASSFILTDLL | password | utility | Windows | filter | using | not |

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.


Unknown vulnerability in login for AIX 5.1L, wh

authentication | vulnerability | attackers | loadable | Unknown | modules | remote | access | system | allows | login | using | gain | AIX | 51L |

Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.


Adobe eBook Reader 2.1 and 2.2 allows a user to

appropriate | encryption | activation | capturing | Challenge | generate | function | systems | feature | backup | allows | Reader | eBooks | eBook | using | other | Adobe | code | copy | user | hash |

Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code.


Progress Database 9.1 to 9.1D06 trusts user inp

privileges | libraries | Database | Progress | allows | trusts | dlopen | which | users | local | input | 91D06 | using | gain | user | find | load | via |

Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.


Internet Explorer 6 SP1 and earlier allows remo

restrictions | attackers | arbitrary | Explorer | Internet | earlier | bypass | remote | allows | files | read | zone | SP1 |

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.


Internet Explorer 6 SP1 and earlier allows remo

restrictions | attackers | Internet | Explorer | earlier | bypass | allows | remote | zone | SP1 |

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.


The mod_ssl module in Apache 2.0.35 through 2.0

mod_ssl | Apache | module |

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.


NETGEAR FVS318 running firmware 2.4, and possib

demonstrated | attackers | extension | versions | possibly | firmware | encoded | running | NETGEAR | filters | FVS318 | remote | allows | bypass | using | other | file | URLs | hex |

NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.


MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.1

MySQL |

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.


The FTP server in AS/400 4.3, when running in I

demonstrated | information | attackers | sensitive | symlink | running | QSYSLIB | library | utility | ADDLNK | attack | server | remote | allows | AS/400 | obtain | using | mode | RCMD | FTP | IFS | via |

The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.


The dupfdopen function in sys/kern/kern_descrip

sys/kern/kern_descripc | descriptors | arbitrary | dupfdopen | /dev/fd/ | programs | function | re-open | OpenBSD | setuid | allows | access | local | users | using | files | file |

The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.


Software vulnerabilities results 1 to 20 of 1039     
Page: 12345...52