verifies software vulnerabilities
vulnerabilities.aspcode.net
Searching verifies software vulnerabilities
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.
427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting the HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
Software vulnerabilities results 1 to 8 of 8