
3675 matches found

NVD
added 2009/08/25 10:30 a.m., 8 views

CVE-2008-7081

userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVSS 10, AI score 7, EPSS 0.02239
Exploits 0, References 2
Cvelist
added 2009/08/25 10:0 a.m., 14 views

CVE-2008-7081

userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

AI score 7, EPSS 0.02239
Exploits 0, References 2
CVE
added 2009/08/25 10:0 a.m., 36 views

CVE-2008-7081

The CVE-2008-7081 entry concerns RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1. The described vulnerability allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. This is a network-accessible issue with complete confidentiality...

CVSS 10, AI score 7.2, EPSS 0.02239
Exploits 0, References 2, Affected Software 1
myhack58
added 2009/08/06 12:0 a.m., 17 views

Examples teach you to understand the net horse-vulnerability warning-the black bar safety net

The main code is as follows: SCRIPT language=”JavaScript” window. status=”completed”; evalfunctionp,a,c,k,e,de=functioncreturn c. toString3 6;if!”. replace/^/,Stringwhilec–dc. toStringa=kc||c. toStringak=functionereturn de;e=functionreturn’\\w+’;c=1;whilec–ifkcp=p. replacenew...

AI score 7.1
Exploits 0
securityvulns
added 2009/06/30 12:0 a.m., 1626 views

SIPS v0.2.2 Remote File Inclusion Vulnerability

/=============================================================================================================================================== | | o SIPS v0.2.2 Remote File Inclusion Vulnerability | | Software : SIPS v0.2.2 | Vendor : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip |...

AI score 1
Exploits 0
ThreatPost
added 2009/06/29 1:33 p.m., 7 views

Is It Time to Stop Password Masking?

From SANS AppSec Street Fighter Blog Jason Montgomery I just ran across Jakob Nielsen‘s Alert Box post titled Stop Password Masking and wanted to provide some feedback from a security vs. usability perspective. I have great respect for Nielsen’s contribution to the usability of the web. Back in t...

AI score 0.2
Exploits 0, References 7
RedHat Linux
added 2009/06/25 3:7 p.m., 6 views

Firefox browser engine crashes

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1...

CVSS 9.3, AI score 6.2, EPSS 0.09282
Exploits 1, References 4
Tenable Nessus
added 2009/06/19 12:0 a.m., 29 views

openSUSE 10 Security Update : seamonkey (seamonkey-6310)

The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 bmo460090,485217 Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with...

CVSS 10, AI score 9, EPSS 0.10464
Exploits 6, References 12
seebug.org
added 2009/05/14 12:0 a.m., 13 views

MRCGIGUY Message Box 1.0 Insecure Cookie Handling Vuln

No description provided by source. --------------------------------------------------------------- --------------------------------------------------------------- Message Box Version 1.0 Insecure Cookie Handling Vulnerability --------------------------------------------------------------- Founder...

AI score 7.1
Exploits 0
exploitpack
added 2009/05/14 12:0 a.m., 15 views

MRCGIGUY Message Box 1.0 - Insecure Cookie Handling

MRCGIGUY Message Box 1.0 - Insecure Cookie Handling --------------------------------------------------------------- --------------------------------------------------------------- Message Box Version 1.0 Insecure Cookie Handling Vulnerability...

AI score 0.6
Exploits 0
0day.today
added 2009/05/14 12:0 a.m., 21 views

MRCGIGUY Message Box 1.0 Insecure Cookie Handling Vuln

Exploit for unknown platform in category web applications ====================================================== MRCGIGUY Message Box 1.0 Insecure Cookie Handling Vuln ====================================================== --------------------------------------------------------------- Message Bo...

AI score 7.1
Exploits 0
Exploit DB
added 2009/05/14 12:0 a.m., 28 views

MRCGIGUY Message Box 1.0 - Insecure Cookie Handling

--------------------------------------------------------------- --------------------------------------------------------------- Message Box Version 1.0 Insecure Cookie Handling Vulnerability --------------------------------------------------------------- Founder : TiGeR-Dz...

AI score 7.4
Exploits 0
Prion
added 2009/05/06 5:30 p.m., 10 views

Cross site request forgery (csrf)

Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an...

CVSS 4.3, AI score 6.7, EPSS 0.01631
Exploits 0, References 11, Affected Software 1
securityvulns
added 2009/04/24 12:0 a.m., 111 views

Formshield Captcha - Older Version vulnerable to replay attacks

Replay attack on CAPTCHA Libraries Summary A CAPTCHA implementation that we tested were found to be vulnerable to replay attacks. The attack is explained in detail for Formshield – A popular DOT NET CAPTCHA implementation. NOTE: We discovered this during a Black Box engagement with one of our...

AI score 0.1
Exploits 0
RedHat Linux
added 2009/04/22 1:40 a.m., 4 views

firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)

The Internationalized Domain Names IDN blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by...

CVSS 5.8, AI score 7.4, EPSS 0.01497
Exploits 0, References 4
Mozilla
added 2009/04/21 12:0 a.m., 42 views

URL spoofing with box drawing character — Mozilla

Bjoern Hoehrmann and security researcher Moxie Marlinspike independently reported that Unicode box drawing characters were allowed in Internationalized Domain Names IDN where they could be visually confused with punctuation used in valid web addresses. This could be combined with a phishing-type...

CVSS 5.8, AI score 1, EPSS 0.01497
Exploits 0, References 3, Affected Software 3
myhack58
added 2009/03/29 12:0 a.m., 16 views

6KBBS system to break the back door file-vulnerability warning-the black bar safety net

From:Dream an end Hello, I'm Dream an end. See the September the the hackers Handbook the lone water around the city, my brother wrote that article, the alarm bells ringing-the vigilant hidden in the web site behind the trap of feeling quite a lot. In this crazy Internet era, made a rookie your o...

AI score 0.1
Exploits 0
myhack58
added 2009/03/19 12:0 a.m., 1180 views

Bypass getimagesize()function defect-vulnerability warning-the black bar safety net

By: the superhei A lot of php code using getimagesizeto determine if your Upload file is not image, a lot of people in the Black-Box testing will be used in the php code before adding a GIF89a to bypass such code: ifgetimagesize$file print yes; else print No.; But there are many cases there are...

AI score 7.3
Exploits 0
securityvulns
added 2009/03/12 12:0 a.m., 60 views

Trellis Desk v1.0 XSS Vulnerability

This problem has been reported to the author but no action taken to resolve the issue. The search box does not sanitise data and is open to simple XSS SQL injection. file sources/article.php find around line 519 $searchstring = $this-ifthd-input'keywords'; Needs to have the following line added...

AI score 2.1
Exploits 0
OpenVAS
added 2009/02/13 12:0 a.m., 24 views

Synactis All-In-The-Box ActiveX Remote Code Execution Vulnerability

This host is installed with All-In-The-Box ActiveX and is prone to Remote Code Execution Vulnerability. OpenVAS Vulnerability Test $Id: gbsynactisallintheboxactivexcodeexecvuln.nasl 5369 2017-02-20 14:48:07Z cfi $ Synactis All-In-The-Box ActiveX Remote Code Execution Vulnerability Authors: Sujit...

CVSS 9.3, AI score 1.2, EPSS 0.03644
Exploits 1, References 3