Local Privilege Escalation Vulnerability in Symantec Endpoint Protection
US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain ful...
PostNuke 0.6x/0.7x NS-Languages Module language Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation could allow an attacker to...
123 Flash Chat 5.0 - Remote Code Injection Weakness
No description provided by source. source: http://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attackers to tak...
PostNuke 0.6x/0.7x NS-Languages Module language Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation could allow an attacker to...
Check Point response to "Bypassing Application Control"
...
Cisco Application Control Engine Login Administrator IP Address Overlap (cisco-sa-20120620-ace)
The Cisco Application Control Engine ACE software installed on the remote Cisco IOS device is earlier than A42.3 / A51.1. It, therefore, potentially does not properly share a management IP address among multiple contexts when multicontext mode is enabled. This might allow an administrative user t...
Cisco Application Control Engine (ACE) Version
Cisco Application Control Engine ACE software is installed on the remote Cisco IOS or ACE device. It is a load-balancing and application-delivery solution for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers, and it is also available as an appliance. TRUSTED...
Check Point response to 'SSH encapsulated in DNS traffic is not detected by Application Control'
...
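Ruby on Rails Active Record Component SQL Injection Vulnerability (CVE-2012-6496)
CVE ID: CVE-2012-6496 Ruby on Rails is a web application framework built on the Ruby language. The Ruby on Rails Active Record component contains a SQL injection vulnerability that allows attackers to carry out SQL injection attacks through the "findby" method, which can lead to disclosure of sensitive information or control of the application system. Affected versions: Ruby on Rails 3.0.x, Ruby on Rails 3.1.x, Ruby on Rails 3.2.x. Vendor solution: Ruby on Rails 3.0.18, 3.1.9 and 3.2.10 have fixed this vulnerability; users are advised to download and use them: http://www.ruby-lang.org...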
Anti-Virus / Anti-Bot / Application Control / URL Filtering update might fail on R75.40 / R75.40VS / R75.45 / R75.46 / E80.41
...
Ruijie Application Control engine of the management server can increase user-vulnerability warning-the black bar safety net
Ruijie Application Control engine of the management server, the RG-ACE series Application Control engine of the management server V3. 1. 3 6. 0 0 1, The Official Website of the connection http://www.ruijie.com.cn/service/down-search.aspx the display is the latest version according to not authorit...
Multiple SQL Injection Vulnerabilities in Elite Bulletin Board
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Elite Bulletin Board, which can be exploited to perform SQL injection attacks. 1 Multiple SQL injection vulnerabilities in Elite Bulletin Board: CVE-2012-5874 The vulnerabilities exist due to insufficient sanitation of...
Check Point response to 'Bypassing application control SSH detection'
...
CVE-2012-4593
McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command...
Authentication flaw
McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command...
CVE-2012-4593
McAfee Application Control and Change Control 5.1.x and 6.0.0 are affected by an authentication bypass vulnerability. The issue arises because the product does not enforce an intended password requirement in certain situations involving attributes of the password file, allowing local users to byp...
Checkpoint Abra - Vulnerabilities
Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Authors: Belov V., Komarov A. Group-IB Summary: Check Point Abra allow...
Checkpoint Abra - Multiple Vulnerabilities
Check Point Abra Vulnerabilities Author: Belov V., Komarov A. Group-IB, http://group-ib.ru Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Summary: Che...
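Check Point Abra Security Restriction Bypass and Information Disclosure Vulnerabilities
BUGTRAQ ID: 54360 Check Point Abra turns an ordinary PC into a fully protected corporate computer. With Abra, users can access corporate email, files and applications over a virtual private network (VPN) connection anytime and anywhere, whether offline or online. Abra runs automatically on any PC and uses media encryption to protect the data on the USB drive. The Check Point Abra implementation contains security restriction bypass and information disclosure vulnerabilities; successful exploitation can allow an attacker to obtain sensitive information and bypass certain security restrictions. Affected: Check Point Software Abra. Vendor patch: Check Point Software ...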