571 matches found
CVE-2009-0264
Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors...
CVE-2009-0264
The CVE-2009-0264 entry concerns Fujitsu SystemWizard Lite (SystemcastWizard Lite) with affected versions 2.0A, 2.0, 1.9 and earlier. The underlying issue is a buffer overflow in the Registry Setting Tool. Technical details in the connected documents confirm a high-severity condition (CVSS v2 bas...
Fujitsu SystemcastWizard Lite buffer overflow
Buffer overflow on oversized PXE request...
[Wintercore Research] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.
Wintercore Research:: Advisory W01-0109 html version: http://www.wintercore.com/advisories/advisoryW010109.html 1. Background "SystemcastWizard Lite is support software for the setup of the PRIMEQUEST system" 2. Non-technical description PXEService.exe is prone to a remote buffer overflow due to...
CVE-2008-5842
Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified...
CVE-2008-5842
Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified...
CVE-2008-5842
CVE-2008-5842 affects Fujitsu-Siemens WebTransactions 7.0/7.1 (and possibly other versions). The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary script/HTML via vectors tied to a shipped demo application and an unspecified dy...
Potential access to "/" in setups with
Description: When connecting to a share called "" (empty string) using an older version of smbclient (before 3.0.28), for example with: 'smbclient //server/ -U user%pass', access to the root filesystem is granted with the privileges of the authenticated user. This only happens in setups with registry...
Code injection
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1)...
CVE-2008-5810
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1)...
CVE-2008-5810
CVE-2008-5810 affects WBPublish.exe in Fujitsu-Siemens WebTransactions 7.0/7.1 (and possibly other versions). The flaw allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP input that is mishandled during temporary session data cleanup, potentially involving direc...
SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactions remote command injection vulnerability
SEC-CONSULT Security Advisory 20081219-0 title: Fujitsu-Siemens WebTransactions Remote Command Injection Vulnerability program: WebTransactions vulnerable version: =7.1 homepage: http://www.fujitsu-siemens.com/...
Fujitsu-Siemens WebTransactions shell characters vulnerability
Unfiltered user input in systemcall...
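Fujitsu-Siemens WebTransactions Remote Command Execution Vulnerability
BUGTRAQ ID: 32927 CNCAN ID:CNCAN-2008122201 Fujitsu-Siemens WebTransactions is a solution that allows new business processes and applications to be provided for host applications. Fujitsu-Siemens WebTransactions does not handle input validation correctly, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. Under certain conditions, when cleaning up temporary session data, WBPublish.exe passes unvalidated input to the system function, which can allow an unauthenticated attacker to execute arbitrary commands with the privileges of the web process. Fujitsu-Siemens WebTransactions 7.1...
Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
BUGTRAQ ID: 31698 CVE ID:CVE-2008-3271 CNCVE ID:CNCVE-20083271 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat has a security bypass issue in its handling of the 'RemoteFilterValve' extension, and a remote attacker can exploit the vulnerability to bypass access restrictions and obtain sensitive information. When RemoteAddrValve is used to allow certain addresses to access the engine: Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="a.b.c.d"/...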
[SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure
CVE-2008-3271: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.31 Tomcat 5.5.0 Tomcat 6.0.x is not affected The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions ma...
Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability
Overview The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files. Impact A remote attacker could read or delete arbitrary files. Solution Please refer to the 'Vendor Information' section fo...
Directory traversal
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI...
CVE-2008-3776
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI...