571 matches found
Authentication flaw
The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using 1...
CVE-2007-3011
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter...
CVE-2007-3011
Summary (concrete details): CVE-2007-3011 affects Fujitsu-Siemens ServerView prior to v4.50.09 where the DBAsciiAccess CGI script in the web interface processes the Servername subparameter of the ParameterList and fails to sanitize input, enabling remote command execution. An attacker can inject ...
CVE-2007-3012
The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using 1...
CVE-2007-3011
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter...
CVE-2007-3012
The CVE-2007-3012 entry describes an information-disclosure vulnerability in the web interface of Fujitsu-Siemens PRIMERGY BX300 Switch Blade. When a remote attacker aborts the HTTP authentication dialog on certain sub-pages, the resulting page still reveals data from form fields, effectively byp...
Fujitsu ServerView DBASCIIAccess脚本远程代码执行漏洞
BUGTRAQ ID: 24762 CVECAN ID: CVE-2007-3011 ServerView是用于进行自动分析和版本维护的资产管理工具。 ServerView的Web接口处理用户数据时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程的权限执行任意命令。 DBAsciiAccess CGI脚本提供了ping功能,该脚本Parameterlist参数的Servername子参数给出了所要ping的IP地址,但没有对这个IP地址执行任何检查。如果在IP后添加了拖尾分号,攻击者就可以注入任意shell命令并以Web服务器进程的权限执行。 Fujitsu...
Fujitsu PRIMERGY BX300刀片服务器信息泄露漏洞
BUGTRAQ ID: 24761 CVECAN ID: CVE-2007-3012 PRIMERGY BX300是非常适用于运算密集应用程序的刀片服务器。 PRIMERGY BX300的Web界面在处理访问认证时存在漏洞,远程攻击者可能利用此漏洞获取服务器相关的敏感信息。 PRIMERGY BX300的Web接口是可以通过HTTP访问的,在访问时默认会要求HTTP...
[Full-disclosure] Fujitsu-Siemens ServerView Remote Command Execution
Advisory: Fujitsu-Siemens ServerView Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Fujitsu- Siemens ServerView during a penetration test. The DBAsciiAccess CGI script is vulnerable to a remote command execution because of a parameter which is not properl...
Fujitsu-Siemens PRIMERGY BX300 switch authentication bypass
It's possible to access some Web interface pages without authentication by their URL...
Fujitsu-Siemens ServerView code execution
Shell characters filtering problem in Web interface "ping" CGI script...
[Full-disclosure] Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure
Advisory: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure RedTeam Pentesting discovered an information disclosure in the Fujitsu- Siemens BX300 Switch Blade during a penetration test. By accessing URLs of the web interface directly and aborting the authentication dialog, one is...
Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution
Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution source: https://www.securityfocus.com/bid/24762/info Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute...
Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution
source: https://www.securityfocus.com/bid/24762/info Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application...
emul-linux-x86-java: Multiple vulnerabilities
Background emul-linux-x86-java is the 32 bit version of the Sun's J2SE Development Kit. Description Chris Evans of the Google Security Team has discovered an integer overflow in the ICC parser, and another vulnerability in the BMP parser. An unspecified vulnerability involving an "incorrect use o...
CVE-2007-1869
lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service cpu and resource consumption by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption...
Interstage Application Server未明跨站脚本漏洞
Interstage Application Server是一款企业级电子商务解决方案。 Interstage Application Server不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 目前没有详细漏洞细节提供。 Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1 Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1 Fujitsu INTERSTAGE Job Workload Server 8.1 Fujitsu INTERSTAGE...
Information disclosure
Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types...
CVE-2007-1504
Cross-site scripting XSS vulnerability in the Servlet Service in Fujitsu Interstage Application Server IJServer 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes...
CVE-2007-1505
Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types...