which software vulnerabilities
vulnerabilities.aspcode.net
Searching which software vulnerabilities
A system is operating in "promiscuous" mode which allows it to perform packet sniffing.
The netstat service is running, which provides sensitive information to remote attackers.
Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.
The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.
Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges.
NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names.
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network.
The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear.
WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions.
PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges.
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed.
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.
FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie.
ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files.
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner.
Software vulnerabilities results 1 to 20 of 6216