Ubuntu USN-856-1 (cupsys)

The remote host is missing an update to cupsys announced via advisory USN-856-1. OpenVAS Vulnerability Test $Id: ubuntu8561.nasl 8616 2018-02-01 08:24:13Z cfischer $ $Id: ubuntu8561.nasl 8616 2018-02-01 08:24:13Z cfischer $ Description: Auto-generated from advisory USN-856-1 cupsys Authors: Thoma...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of 1 urn:SetOptions for autostart, 2 urn:SetDesktopSync for file upload, or 3...

CVE-2009-3022

Cross-site request forgery CSRF vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors...

CVE-2009-3022

Cross-site request forgery CSRF vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors...

bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery

Overview bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. bingo!CMS core and bingo!CMS are content management systems CMS. bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC...

Design/Logic Flaw

Unspecified vulnerability on the Cisco Wireless LAN Controller WLC platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services Routers,...

CVE-2009-1167

Unspecified vulnerability on the Cisco Wireless LAN Controller WLC platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services Routers,...

CVE-2009-1167

CVE-2009-1167 affects Cisco Wireless LAN Controllers (WLC). A remote attacker can send crafted HTTP/HTTPS requests to an administrative interface to perform unauthorized configuration changes. Affected firmware: 4.x prior to 4.2.205.0 and 5.x prior to 5.2.191.0, across WLCs and related modules. C...

Code injection

Unspecified vulnerability in nepa-design.de Spam Protection ndantispam extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors...

CVE-2008-6690

Technical details about CVE-2008-6690 are not publicly disclosed in the provided documents. No concrete affected products, root cause, or remediation are present here. Monitor for updates from CVE sources and connected advisories.

Sun Java System Identity Manager多个安全漏洞

BUGTRAQ ID: 34191 Sun Java System Identity Manager是一个完整的端到端的保护敏感数据和管理标识配置文件与许可的解决方案。 Sun Java System Identity Manager（IdM）受多个安全漏洞影响，具体如下： 由于没有使用SSL加密某些连接，远程非特权用户可以非授权访问客户端与IdM服务器之间所传输的数据（17763）。 本地或远程非特权用户可以判断是否存在有效的IdM帐号名（18052，18104）。 在IdM服务器上拥有帐号的用户可以更改其他IdM帐号的口令（18578）。...

CVE-2008-6449

Cross-site request forgery CSRF vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors...

CVE-2008-6449

Cross-site request forgery CSRF vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors...

CVE-2008-6449

CVE-2008-6449 affects Century Systems XR routers (XR-410, XR-510, XR-440, XR-730 family). The vulnerability is a CSRF flaw that lets an attacker cause configuration changes on an authenticated admin session via unknown vectors. Impact is that an administrator’s web-configured settings could be mo...

Nortel Switched Firewall产品SNMPv3 HMAC验证绕过漏洞

CNCAN ID：CNCAN-2008091606 Nortel Switched Firewall是一款交换式防火墙产品。 Nortel Switched Firewall不正确处理伪造的SNMPv3报文，远程攻击者可以利用漏洞绕过验证查看和修改设备配置。 SNMPv3的使用keyed-Hash Message Authentication Code HMAC进行验证，构建伪造的SNMPv3报文可绕过验证，读取和修改设备中的任意SNMP对象，导致设备的配置被泄漏和修改。 Nortel Switched Firewall 5100 Series Nortel Switched...

SNMPv3 improper HMAC validation allows authentication bypass

Overview A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. Description SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and...

linksyswrh54g-dos.txt

DESCRIPTION There is a DoS vulnerability in Cisco Linksys router WRH54G http service. Any anonymous attacker could crash the http service easily by sending a malformed http request, and needn't any privilege. When the device attempts to process the malformed request, it will be possible to...

Directory traversal

plugins/maps/dbhandler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into t...

Design/Logic Flaw

The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi...