validation software vulnerabilities
vulnerabilities.aspcode.net
Searching validation software vulnerabilities
Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php.
GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file.
Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session.
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output."
Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute arbitrary code via "certain characters."
SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.
SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field.
Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines.
Software vulnerabilities results 1 to 20 of 60