Searching validate software vulnerabilities

Multiple RADIUS implementations do not properly

implementations | Vendor-Specific | Vendor-Length | attribute | attackers | Multiple | properly | validate | service | RADIUS | denial | remote | allows | which | cause | not |

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.


Vulnerability in FTPSRVR in HP MPE/iX 6.0 throu

Vulnerability | privileges | attackers | properly | validate | commands | through | FTPSRVR | certain | allows | MPE/iX | which | gain | does | not | FTP |

Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges.


Adobe Acrobat 5 does not properly validate Java

demonstrated | JavaScript | arbitrary | documents | W32Yourde | attackers | Plug-ins | validate | properly | Acrobat | spread | folder | allows | remote | other | Adobe | virus | files | which | write | does | into | PDF | not |

Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.


Safari 1.0 Beta 2 (v73) and earlier does not va

Safari | Beta |

Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.


Konqueror Embedded and KDE 2.2.2 and earlier do

Konqueror | Embedded | KDE |

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.


Unknown vulnerability in ecartis before 1.0.0 d

vulnerability | ecartis | Unknown | before |

Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.


Partition Manager (parmgr) in HP-UX B.11.23 doe

Partition | Manager |

Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.


The component for the Virtual DOS Machine (VDM)

component | Machine | Virtual | DOS |

The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.


LSASS (Local Security Authority Subsystem Servi

LSASS |

LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.


The Indexing Service for Microsoft Windows XP a

Microsoft | Indexing | Windows | Service | Server |

The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.


Java Secure Socket Extension (JSSE) 1.0.3 throu

Extension | Socket | Secure | Java |

Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.


Java 2 Micro Edition (J2ME) does not properly v

Edition | Micro | Java |

Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.


Windows 2000, XP, and Server 2003 does not prop

Windows |

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."


TikiWiki before 1.8.5 does not properly validat

TikiWiki | before |

TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.


useredit_account.wdm in Alt-N WebAdmin 3.0.4 do

useredit_accountwdm | WebAdmin | Alt-N |

useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.


BEA WebLogic Server and WebLogic Express 8.1 SP

PrincipalValidators | Principals | privileges | attackers | properly | validate | multiple | WebLogic | derived | Express | earlier | Server | might | allow | which | gain | BEA | not | SP5 | SP4 |

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.


The XULDocument.persist function in Mozilla, Fi

XULDocumentpersist | function | Firefox | Mozilla | before |

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.


Tor before 0.1.1.20 uses improper logic to vali

before | Tor |

Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.


com_categories in Joomla! before 1.0.12 does no

com_categories | before | Joomla |

com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.


Babo Violent 2 2.08.00 does not validate the se

Violent | Babo |

Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages.


Software vulnerabilities results 1 to 20 of 127     
Page: 12345...7