Cross-site request forgery (CSRF), CVE-2007-4017
Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators...
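The Citrix entry describes the pattern several items in this listing share: a configuration endpoint that authorises a state-changing request on the browser's session cookie alone, so a page the logged-in administrator happens to visit can submit the form for them. The following Python is an added example, not code from Citrix or from any product on this page: a minimal handler with exactly that weakness beside a hardened version that requires a per-session anti-forgery token in the POST body and rejects a mismatched Origin header. The session store, the parameter names, the configuration keys and the `gateway.example` origin are constructed assumptions for illustration.

```python
"""Added example: CSRF-exploitable admin config handler beside a hardened one.

Everything here (session store, form fields, console origin) is constructed for
illustration and is not taken from the Citrix Access Gateway console.
"""
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed in-memory session store: cookie value -> session record.
SESSIONS = {}


def login(user):
    """Create a session and return its cookie value (assumption: cookie-only auth)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid


def csrf_token_for(sid):
    """Token the legitimate admin page would embed in its own forms."""
    return SESSIONS[sid]["csrf"]


def _apply(params, current):
    """Return a new config dict with the submitted fields applied (never mutates input)."""
    updated = dict(current)
    updated.update({k: v[0] for k, v in params.items()})
    return updated


def vulnerable_change_config(sid, form_body, current):
    """Authorises on the session cookie alone.

    The browser attaches that cookie to a POST auto-submitted from any site the
    administrator visits, so an attacker's page can change the configuration.
    """
    if sid not in SESSIONS:
        return 401, current
    params = parse_qs(form_body, keep_blank_values=True)
    return 200, _apply(params, current)


def hardened_change_config(sid, form_body, current, origin=None,
                           expected_origin="https://gateway.example"):
    """Requires a per-session anti-forgery token and, when the browser sends an
    Origin header, that it match the console's own origin (constructed value)."""
    sess = SESSIONS.get(sid)
    if sess is None:
        return 401, current
    # Origin is a defence-in-depth check; some clients omit it, so it is not
    # sufficient on its own and the token check below always runs.
    if origin is not None and origin != expected_origin:
        return 403, current
    params = parse_qs(form_body, keep_blank_values=True)
    token = params.pop("csrf_token", [""])[0]
    # Constant-time comparison so the token cannot be recovered byte by byte.
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403, current
    return 200, _apply(params, current)


if __name__ == "__main__":
    admin = login("admin")
    config = {"admin_password": "s3cret", "remote_mgmt": "off"}
    forged = "admin_password=attacker&remote_mgmt=on"  # constructed forged POST body
    print("vulnerable:", vulnerable_change_config(admin, forged, config))
    print("hardened, forged:", hardened_change_config(admin, forged, config,
                                                      origin="https://evil.example"))
    legit = "remote_mgmt=on&csrf_token=" + csrf_token_for(admin)
    print("hardened, legitimate:", hardened_change_config(admin, legit, config,
                                                          origin="https://gateway.example"))
```

The token is the actual fix; the Origin comparison only narrows the window for clients that send the header. Note that this mitigation is specific to CSRF: the Linksys WRT54g item further down describes an endpoint that requires no credentials at all, which no anti-forgery token addresses and which needs authentication added to the endpoint itself.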
Cisco Trust Agent Local Privilege Escalation Vulnerability
Cisco Trust Agent versions 2.1103 and prior contain a vulnerability when running on Apple Mac OS X that could allow an unauthenticated, local user to bypass security restrictions and gain unauthorized access to the affected system. This vulnerability exists due to improper display of user...
Design/Logic Flaw
Minna De Office 1.x and 2.x do not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information...
CVE-2007-1782
CruiseWorks 1.09e and earlier (CruiseWorks and Minna De Office) contain an access control weakness: user privileges are not properly restricted, allowing a standard-privilege user to change configurations or cause other unspecified impacts. Root cause: inadequate restriction of certain privileged...
HPSBPI02185 SSRT071290 rev.4 - HP Jetdirect Running ftp, Remote Denial of Service (DoS)
Potential Security Impact: Remote Denial of Service (DoS). VULNERABILITY SUMMARY: A potential vulnerability has been identified with HP Jetdirect running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS). RESOLUTION: This vulnerability can be resolved by upgrading the...
CVE-2006-5202
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559...
Cisco IOS VTP Integer Wrap Denial of Service Vulnerability
Cisco IOS and Cisco Catalyst OS contain an integer overflow vulnerability that could allow an authenticated, remote attacker to cause affected devices to stop processing configuration changes, possibly resulting in a denial of service DoS condition. This vulnerability exists due to an integer...
Sambar /sysadmin Vulnerability
The Sambar webserver has a web interface for configuration purposes. The admin user has no password, and there are other default users without passwords. Anyone could set the HTTP root to c:\ and delete existing files. SPDX-FileCopyrightText: 2000 Hendrik Scholz Some text descriptions might be...
osTicket setup.php Accessibility
The target is running at least one instance of an improperly secured installation of osTicket and allows access to setup.php. Since that script does not require authenticated access, it is possible for an attacker to modify osTicket's configuration using a specially crafted call to setup.php to...
Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution
Overview: Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level (root) privileges. Description: Extreme Networks switches running ExtremeWare XOS contain...
Xerox WorkCentre MicroServer Multiple Vulnerabilities (XRX05-005)
According to its model number and software version, the remote host is a Xerox WorkCentre device with an embedded web server with an unauthenticated account and a weakness in its SNMP authentication. These flaws could allow a remote attacker to bypass authentication and change the device's...
CVE-2005-1179
CVE-2005-1179 concerns Xerox MicroServer Web Server in various WorkCentre models (e.g., M35/M45/M55 with 2.028.11.000–2.97.20.032 and 4.84.16.000–4.97.20.032; Pro 35/45/55 and Pro 65/75/90 ranges listed in the description) where an SNMP authentication issue could allow remote modification of syst...
GLSA-200412-06 : PHProjekt: setup.php vulnerability
The remote host is affected by the vulnerability described in GLSA-200412-06 (PHProjekt: setup.php vulnerability). Martin Muench, from it.sec, found a flaw in the setup.php file. Impact: Successful exploitation of the flaw allows a remote attacker without admin rights to make unauthorized changes t...
[SA13311] Unicenter Remote Control Arbitrary URC Management Server Access Vulnerability
TITLE: Unicenter Remote Control Arbitrary URC Management Server Access Vulnerability SECUNIA ADVISORY ID: SA13311 VERIFY ADVISORY: http://secunia.com/advisories/13311/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From local network SOFTWARE: CA Unicenter Remote Control 6.x...
PHProjekt setup.php Authentication Bypass Arbitrary Code Execution
The remote host is running PHProjekt, an open source PHP Groupware package. It runs on most Linux and Unix variants, in addition to Microsoft Windows operating systems. An unspecified authentication bypass vulnerability is present in the 'setup.php' source file and may be exploited by a remote...
GLSA-200407-22 : phpMyAdmin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200407-22 (phpMyAdmin: Multiple vulnerabilities). Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including host, name, and password by appending new settings to...
CVE-2004-1714
BlackICE PC Protection and Server Protection installs firewall.ini, blackice.ini, sigs.ini and protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a...
Mandrake Linux Security Advisory : apcupsd (MDKSA-2003:018)
A remote root vulnerability in slave setups and some buffer overflows in the network information server code were discovered by the apcupsd developers. They have been fixed in the latest unstable version, 3.10.5 which contains additional enhancements like USB support, and the latest stable versio...
D-Link AirPlus DI-614+ / DI-624 / DI-704 - DHCP Log HTML Injection
source: https://www.securityfocus.com/bid/10587/info It is reported that the DI-614+, DI-704, and the DI-624 are susceptible to an HTML injection vulnerability in their DHCP log. An attacker who has access to the wireless, or internal network segments of the router can craft malicious DHCP...