641 matches found
Tridium Niagara Vulnerabilities
OVERVIEW (Begin Update A, Part 1 of 2): This updated advisory is a follow-up to the original advisory titled ICSA-12-228-01 Tridium Niagara Multiple Vulnerabilities that was published August 15, 2012, on the ICS-CERT Web page. It is also a follow-up to ICS-ALERT-12-195-01 Tridium...
extension): MITM due to improper validation of AX attribute signatures
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...
Debian Security Advisory DSA 2264-1 (linux-2.6)
The remote host is missing an update to linux-2.6 announced via advisory DSA 2264-1. OpenVAS Vulnerability Test $Id: deb22641.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2264-1 (linux-2.6) Authors: Thomas Reinke Copyright: Copyright (c) 2011 E-Soft Inc...
Debian DSA-2264-1 : linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2010-2524 David Howells reported an issue in the Common...
[SECURITY] [DSA 2264-1] linux-2.6 security update
Debian Security Advisory DSA-2264-1 [email protected] http://www.debian.org/security/ dann frazier June 18, 2011 http://www.debian.org/security/faq...
DSA-2264-1 linux-2.6 - several issues
Bulletin has no description...
[SECURITY] [DSA 2240-1] linux-2.6 security update
Debian Security Advisory DSA-2240-1 [email protected] http://www.debian.org/security/ dann frazier May 24, 2011 http://www.debian.org/security/faq...
DSA-2240-1 linux-2.6 - several issues
Bulletin has no description...
CVE-2011-0506
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconfdefaultlanguage parameter...
Directory traversal
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconfdefaultlanguage parameter...
Ax Developer CMS 'user.php' Local File Include Vulnerability
Ax Developer CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This ma...
Ax Developer CMS <= 0.1.1 LFI Vulnerability - Active Check
Ax Developer CMS is prone to a local file include (LFI) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
CVE-2010-3138
The CVE-2010-3138 issue affects Microsoft Windows XP SP3 with the Indeo Codec (iac25_32.ax) loading an insecure library (iacenc.dll) from the current working directory, enabling local privilege escalation via crafted .avi/.mka/.ra/.ram files (e.g., through players like BS.Player or Media Player C...
Debian DSA-1915-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak
Notice: Debian 5.0.4, the next point release of Debian 'lenny', will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as 'NULL pointer dereference' vulnerabilities, but it will need to be...
CVE-2010-0607
Cross-site scripting (XSS) vulnerability in Forms/statusstatistics1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the StatRadio parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Forms/statusstatistics1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the StatRadio parameter...