4745 matches found
Awareness of vulnerabilities haha-vulnerability warning-the black bar safety net
Text/SuperHeiAtph4nt0m.org 2006-2-12 2006-02-0 9, milw0rm released the FCKEditor one upload vulnerability1. Fig. FCKEditor is one of a plurality of language Language version of theasp,cgi,aspx,php,cfm,...of the online editing class2, many web systems use this A class. In fact, this is something o...
ACMS vulnerability-vulnerability warning-the black bar safety net
A few days ago a friend asked me to help him dosecurity testing, his Station is ACMS information distribution system. I to the official down a set of ACMS to study. ACMS front Desk is by the back-end to generate the static page, there is no injection vulnerability. The background comes with the...
Current Versions Release History
Current Versions Release History 5.1c2 30-Jun-06 Valid Core License Keys: issued between 01-Jun-2004 and 31-Oct-2004, or on or after 01-Jun-2005. Admin: Lawful Intercept for Signals is implemented. WSSP: now all string prefixes HTML, JAVASCRIPT, etc. support numeric data. XIMSS: the Signal...
Update Protection against Multiple SAP Business Connector Vulnerabilities
SAP Business Connector SAP BC is B2B application that enables communication between SAP applications like SAP R/3 and non-SAP applications. Several vulnerabilities have been reported in the SAP BC that can allow for Phishing scams against the SAP BC administrator, disclosure of sensitive...
CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector)
The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryArbitraryFileReadorDeleteinSAPBC.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Arbitrary File Read/Delete in SAP BC Business Connector Vulnerability Class: Improper Input...
CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector)
The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryPhishingVectorinSAPBC.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Phishing Vector in SAP BC Business Connector Vulnerability Class: Phishing Vector / Improper Input Validatio...
AJP Connector Detection
The remote host is running an AJP Apache JServ Protocol connector, a service by which a standalone web server such as Apache communicates over TCP with a Java servlet container such as Tomcat. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid21186; scriptversion"1.11";...
Fixed in Apache Tomcat JK Connector 1.2.16
Important: Information disclosure CVE-2006-7197 The Tomcat AJP connector contained a bug that sometimes set a too long length for the chunks delivered by sendbodychunks AJP messages. Bugs of this type can cause modjk to read beyond buffer boundaries and thus reveal sensitive memory information to...
Brooky CubeCart < 3.0.7 connector.php Arbitrary File Upload
Binary data 3446.prm...
Design/Logic Flaw
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing phishing attacks via an absolute URL in the url parameter, which loads the URL inside a frame...
CVE-2006-0731
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing phishing attacks via an absolute URL in the url parameter, which loads the URL inside a frame...
Directory traversal
Directory traversal vulnerability in SAP Business Connector BC 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to 1 sapbc/SAP/chopSAPLog.dsp or 2 invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...
CVE-2006-0732
Directory traversal vulnerability in SAP Business Connector BC 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to 1 sapbc/SAP/chopSAPLog.dsp or 2 invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...
CVE-2006-0731
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing phishing attacks via an absolute URL in the url parameter, which loads the URL inside a frame...
CVE-2006-0732
Directory traversal vulnerability in SAP Business Connector BC 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to 1 sapbc/SAP/chopSAPLog.dsp or 2 invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...
CVE-2006-0732
CVE-2006-0732 is a directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7. The issue allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Conditions: the product ...
CVE-2006-0731
SAP Business Connector Core (WmRoot/adapter-index.dsp) vulnerability (CVE-2006-0731) affects Core Fix 7 and earlier. An absolute URL in the url parameter can be loaded inside a frame, enabling remote phishing spoofing attacks. Exploitation details or in-the-wild activity are not provided in the s...
Multiple SAP Business Connector B2B software vulnerabilities
Directory traversal, content spoofing...
CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAP BC
The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityPre-AdvisoryArbitraryFileReadorDeleteinSAPBC.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Arbitrary File Read/Delete in SAP BC Business Connector Vulnerability Class: Improper Inp...
SAP Business Connector 4.64.7 - adapter-index.dsp?url Arbitrary Site Redirect
SAP Business Connector 4.64.7 - adapter-index.dsp?url Arbitrary Site Redirect source: https://www.securityfocus.com/bid/16671/info SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input...