3229 matches found
CVE-2011-0650
Cross-site request forgery CSRF vulnerability in Greenbone Security Assistant GSA before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...
CVE-2011-0018
The email function in managesql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the 1 To or 2 From e-mail address in an OMP request to the Greenbone Security Assistant GSA...
Cross site request forgery (csrf)
The email function in managesql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the 1 To or 2 From e-mail address in an OMP request to the Greenbone Security Assistant GSA...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Greenbone Security Assistant GSA before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...
CVE-2011-0650
CVE-2011-0650 concerns Greenbone Security Assistant (GSA) prior to 2.0+rc3. The issue is a CSRF vulnerability that allows an attacker to hijack the user’s authenticated session to issue OMP requests to OpenVAS Manager (e.g., sending email). This is tied to exploitation of CVE-2011-0018 via the GS...
CVE-2011-0650
Cross-site request forgery CSRF vulnerability in Greenbone Security Assistant GSA before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...
[security bulletin] HPSBUX02552 SSRT100062 rev.1 - HP-UX running Software Distributor (sd), Local Privilege Increase, Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02285980 Version: 1 HPSBUX02552 SSRT100062 rev.1 - HP-UX running Software Distributor sd, Local Privilege Increase, Unauthorized Access NOTICE: The information in this Security Bulletin should be...
[security bulletin] HPSBUX02450 SSRT090141 rev1 - HP-UX ttrace(2), Local Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01832652 Version: 1 HPSBUX02450 SSRT090141 rev1 - HP-UX ttrace2, Local Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release...
[security bulletin] HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01835108 Version: 1 HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible...
[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting (XSS), Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02181353 Version: 1 HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting XSS, Denial of Service DoS NOTICE: The information in this Security...
The Coming Wave of Mobile Attacks
The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years, adding features, speed and computing power. But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for...
Mac OS X Security Update 2009-001
The remote host is missing Security Update 2009-001. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Nine days of self-help built Station system Xday-vulnerability warning-the black bar safety net
Keywords: inurl:/regTemletSel. asp? step=2 Or E-Commerce self-help built Station-your ideal assistant Use method: 1 registered 2 web site management---resource management---upload hackqing. asp;qing.jpg 3get a webshell Special case: 1. the forced name change 2. the iis parsing vulnerability is...
[security bulletin] HPSBMA02490 SSRT090222 rev.1 - HP SOA Registry Foundation, Remote Unauthorized Access to Data, Cross Site Scripting (XSS), Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02037890 Version: 1 HPSBMA02490 SSRT090222 rev.1 - HP SOA Registry Foundation, Remote Unauthorized Access to Data, Cross Site Scripting XSS, Privilege Escalation NOTICE: The information in this...
[security bulletin] HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02033170 Version: 1 HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands NOTICE: The information in this Security Bulletin should be acted upon as soon a...
[security bulletin] HPSBMA02252 SSRT061258, SSRT061259 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01124817 Version: 1 HPSBMA02252 SSRT061258, SSRT061259 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Code Execution NOTICE: The information in this Security Bulletin should be acte...
[security bulletin] HPSBUX02480 SSRT090253 rev.1 - HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01943614 Version: 1 HPSBUX02480 SSRT090253 rev.1 - HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege NOTICE: The information in this Security Bulletin should be act...
CVE-2009-4201
Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the 1 ID3v1, 2 ID3v2, or 3 APEv2 metadata field...
Stack overflow
Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the 1 ID3v1, 2 ID3v2, or 3 APEv2 metadata field...
CVE-2009-4201
The CVE-2009-4201 entry concerns Mp3 Tag Assistant Professional 2.92 build 300, which contains multiple stack-based buffer overflows in the MP3 metadata parsing logic. Specifically, overflows occur when processing long strings in ID3v1, ID3v2, or APEv2 metadata fields, enabling remote attackers t...