Searching verification software vulnerabilities

Internet Explorer 5.5 and earlier does not prop

vulnerability | Verification" | information | operators | different | Explorer | Internet | properly | browser | certain | earlier | variant | sending | "Frame | client | within | window | verify | domain | allows | remote | frame | local | which | files | does | read | site | not | web | aka |

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability.


Internet Explorer 5.5 and earlier does not prop

MSScriptControlScriptControl | vulnerability | Verification" | information | operators | different | GetObject | Explorer | Internet | properly | certain | variant | earlier | sending | browser | client | within | window | verify | domain | allows | remote | "Frame | using | local | files | which | frame | site | does | read | not | aka | web |

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.


Microsoft Internet Explorer 5.5 and 6.0 does no

Verification | executable | attackers | Microsoft | properly | Internet | Explorer | browser | objects | remote | client | "Cross | Object | invoke | within | domain | verify | window | allows | which | files | frame | does | read | Tag" | not | via | tag | aka |

Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."


Internet Explorer 5.5 and 6.0 allows remote att

cross-domain | Verification | information | attackers | Explorer | Methods" | possibly | Internet | security | execute | domains | methods | objects | allows | "Cross | access | cached | system | Domain | bypass | remote | other | local | model | code | via | aka |

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."


The Google toolbar 1.1.58 and earlier allows re

toolbar | Google |

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.


Stack-based buffer overflow in Exim 3.35, and o

Stack-based | overflow | buffer | Exim |

Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.


The DSS verification code in Dropbear SSH Serve

verification | Dropbear | Server | before | code | DSS | SSH |

The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.


X.509 Certificate Signature Verification in Gnu

Verification | Certificate | transport | Signature | security | library | layer | X509 | Gnu |

X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.


Multiple unknown vulnerabilities in netapplet i

vulnerabilities | verification" | privileges | netapplet | Multiple | [being] | related | without | scripts | unknown | Desktop | network | passed | Novell | input | allow | Linux | local | "User | users | gain | root |

Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."


Off-by-one error in the mod_ssl Certificate Rev

Certificate | Revocation | Off-by-one | mod_ssl | error | List |

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.


The automatic update feature in Google Talk all

attackers | automatic | feature | service | remote | denial | Google | update | allows | cause | Talk |

The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug.


gpgv in GnuPG before 1.4.2.1, when using unatte

before | GnuPG | gpgv |

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".


Multiple SQL injection vulnerabilities in MyBB

vulnerabilities | injection | Multiple | MyBB | SQL |

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.


enter.asp in Mini-Nuke 2.3 and earlier makes it

verification | parameter | gguvenlik | attackers | Mini-Nuke | immutable | guvenlik | attacker | bypasses | guessing | password | enterasp | earlier | assumed | because | setting | conduct | attacks | easier | remote | hidden | which | value | makes | same | step |

enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker.


OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8

OpenSSL |

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.


The Security Framework in Apple Mac OS X 10.4 t

Framework | Security | Apple | Mac |

The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.


Unspecified vulnerability in the sshd Privilege

authentication | vulnerability | verification | Unspecified | Separation | successful | attackers | Privilege | Monitor | OpenSSH | bypass | causes | before | weaker | might | allow | which | sshd | been | has |

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of Wednesday, November 08, 2006, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.


Macrovision InstallAnywhere Enterprise before 8

InstallAnywhere | Macrovision | Enterprise | before |

Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.


Unrestricted file upload vulnerability in sitex

vulnerability | verification | Unrestricted | attackers | arbitrary | extension | filename | double | avatar | upload | allows | remote | phpjpg | saved | sitex | fails | which | code | file | such | PHP | via |

Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.


member.php in MyBB (aka MyBulletinBoard), when

memberphp | MyBB |

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.


Software vulnerabilities results 1 to 20 of 29     
Page: 12