The HTC Mail application on Android stores passwords base64 encoded after swapping around odd and even characters.
cd777a6e10b882607b3ed5cd45885bb7
The Microsoft NetMeeting application insufficiently validates received data opening a possibility to overwrite portions of application memory causing exceptions ranging from null-pointer access to a possible code execution. Version 3.01 has been found vulnerable.
05c8e326317457e4534ec05e4544dbea
HEXVIEW*2006*03*14*1 - A vulnerability exists in Microsoft Excel which can be exploited to run a code of attacker's choice on user's PC.
3ad4bcdd8445cb26f5ecd94176784539
A vulnerability exists in Microsoft Excel which can be exploited to run a code of attacker's choice on user's PC. Sufficient data validation is not performed when parsing "Named Range" definitions in the document file, which makes it possible to produce a negative 32-bit value that is later used as a length parameter for the msvcrt.memmove() function. As a result, a large chunk of memory is copied overwriting critical memory ranges, including the stack space. All tests were performed using Microsoft Excel 2003 (11.6560.6568) on Windows XP and Windows 2000 Pro platforms. It is likely that all MS Excel products are vulnerable.
b16e2b0f4e9f88a71662e71adb50785f
Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow for cross site scripting, arbitrary file viewing, and more.
0141ab41c52cc6abce80546c79028baf
The Microsoft Jet DB engine suffers from various vulnerabilities that can lead to arbitrary code execution.
07569b442689f6321084ec13a32d0576
Multiple versions of the Merak Mail Server with Icewarp Web Mail suffer from various flaws. Included are cross site scripting, path disclosure, arbitrary file manipulation/access, and weak password encryption vulnerabilities.
22281f06d752d9deb5bb3663a37d1d5c
Symantec LiveUpdate is susceptible to compressed archive attacks known as zip bombing.
bbe97d4e3a80efbbd9bcbac09a1d69d6
Zip console application by Info-Zip is susceptible to a buffer overflow condition that can be triggered and exploited during a recursive compression operation.
a935cf0a01b3ad7007cda55353b3743f
A specially crafted WAV file can cause the WAV file property handler to consume all available CPU resources on Windows XP.
91b5dc8704dc9b548d58a9504b914f54
Insufficient data validation for incoming calendar data makes possible to cause buffer overflow condition leading to stack corruption. As a result, it is possible to reboot the device (all stored messages will be lost since RAM storage will be reinitialized). It is also possible to execute code embedded by the attacker. It should be mentioned that Blackberry developers tools are freely available.
0ab1d272979d28e35ab52f6a0eb5fac6
Microsoft Word is susceptible to having an exception triggered due to a lack of sufficient data validation when winword.exe parses a document file. Two types of exceptions can be triggered, with the second being possibly exploitable.
cbd11131090e3133d081b6ca58e80bcd
BlackIce Server Protect versions 3.6cno and below from Internet Security Systems installs a firewall ruleset that can be removed or modified by any trusted or local unprivileged user.
0eef793b3c7c3fea0a7027ca07b5e177
Datakey's tokens and smartcards suffer from a clear text password exposure vulnerability. The communication channel between the token and the driver is not encrypted. A user's PIN can be retrieved using a proxy driver or hardware sniffer. Systems affected: Rainbow iKey2032 USB token and Datakey's up-to-date CIP client package.
eeb3ebb3e6ccc0a53b808eb6a13c65d2
A denial of service condition exists in the Microsoft SMS Client where a data packet that gets analyzed will cause the server to throw an exception while attempting to read or write an invalid memory address. Tested against: Microsoft Systems Management Server version 2.50.2726.0.
bbf3da2645436728b6cafef56500c1fa
A cross site scripting vulnerability exists in Netegrity IdentityMinder Web Edition 5.6 SP2 for Windows and Netegrity Policy Server version 5.5.
2b214c050da725dba066adffb8ca0d4f
Sending crafted packets to a 2.6 series kernel with netfilter rules matching TCP options (using the --tcp-option match) may result in a Denial of Service.
d833a45007f5ec8ad7ba3214e112fa2b
SGI Security Advisory 20040601-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions non privileged users can use the syssgi system call SGI_IOPROBE to read and write kernel memory which can be used to obtain root user privileges. Patches have been released for this and other issues. At this time, IRIX versions 6.5.20 to 6.5.24 are considered susceptible.
d05cb4115b395162428966046c7e70a4
SGI Security Advisory 20040507-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions the /usr/sbin/cpr binary can be forced to load a user provided library while restarting the checkpointed process which can then be used to obtain root user privileges. All versions of IRIX prior to 6.5.25 are affected.
bca7813ef568a2aec8061ef1c2246dda
SGI Security Advisory 20040503-01-P - Under certain conditions, rpc.mountd goes into an infinite loop while processing some RPC requests, causing a denial of service. Affected releases: SGI IRIX 6.5.x.
e771b7ecc64247707f40f03dc5da3f98
SGI Security Advisory 20040401-01-P - It has been reported that there are several security issues affecting ftpd on IRIX. There is an ftpd DoS that is possible during PORT mode (SGI BUG 899364) not to mention that ftpd's ftp_syslog() doesn't work with anonymous FTP (SGI BUG 909172).
7be6ff1c8fb3c76beb33200abd57a0fb
SGI Security Advisory 20030902-01-P - It has been reported that certain Microsoft RPC scanning can cause the DCE daemon dced to abort, causing a denial of service vulnerability.
a72c97334ef625ae17f2020de747904a
SGI Security Advisory 20030901-01-P - It has been reported that under certain conditions a NFS client can avoid read-only restrictions on filesystems exported via NFS from a server running IRIX 6.5.21 and mount them in read/write mode.
158b80ac8f156a5d0d22ea50142fb208
SGI Security Advisory 20030803-01-P - A vulnerability has been reported by sendmail.org that the 8.12.8 and earlier releases shipped with a potential problem in DNS mapping that could lead to a remote denial or service or root compromise. Relatedd CVE Number: CVE-2003-0688.
2a166f4afe5f37ea2cce1777428e4770
SGI Security Advisory 20030801-01-P - It is possible to create a Denial of Service attack on the IRIX nfsd through the use of carefully crafted packets which cause XDR decoding errors. This can lead to kernel panicing the system. No local account or access to an NFS mount point is required, so this could be constructed as a remote exploit.
a98675283906a5666114c8e4e784cb4b