version software vulnerabilities
vulnerabilities.aspcode.net
Searching version software vulnerabilities
Buffer overflow in NCSA WebServer (version 1.5c) gives remote access.
NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging.
The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext.
A service may include useful information in its banner or help function (such as the name and version), making it useful for information gathering activities.
Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000.
Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program.
E-mail client in Softarc FirstClass Internet Server 5.506 and earlier stores usernames and passwords in cleartext in the files (1) home.fc for version 5.506, (2) network.fc for version 3.5, or (3) FCCLIENT.LOG when logging is enabled.
IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potentially sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version.
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument.
Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass Tuesday, April 27, 2004 allow remote attackers to inject arbitrary web script or HTML via the (1) version[fullname], (2) version[homepage], or (3) version[no] parameter to footer.php, or the (4) version[fullname], (5) version[no], (6) version[author], (7) version[email] parameter to header.php.
SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2.
Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field.
Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute.
Software vulnerabilities results 1 to 20 of 266