1746 matches found
DreamBox DM800 Arbitrary File Download Vulnerability
Exploit for hardware platform in category remote exploits. Exploit Title: title Date: date Author: ShellVision Version: dm800...
BLOG:CMS <= 4.2.1.f Multiple XSS Vulnerabilities - Active Check
BLOG:CMS is prone to multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
allocPSA <= 1.7.4 XSS Vulnerability - Active Check
allocPSA is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Mandriva Linux Security Advisory : python (MDVSA-2011:096)
Multiple vulnerabilities have been identified and fixed in python: The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI...
XtreamerPRO Media-player 2.6.02.7.0 - Multiple Vulnerabilities
XtreamerPRO Media-player 2.6.02.7.0 - Multiple Vulnerabilities Exploit Title: XtreamerPRO Media-player and streamer multiple vulnerabilities Google Dork: intitle:Xtreamer Media Server + "2009 Xtreamer.net, All right reserved." Date: 15/05/2011 Author: Itzik Chen Software Link: www.xtreamer.net...
DreamBox DM500(+) - Arbitrary File Download
DreamBox DM500+ - Arbitrary File Download DreamBox DM500+ Arbitrary File Download Vulnerability Vendor: Dream Multimedia GmbH Product web page: http://www.dream-multimedia-tv.de Affected version: DM500, DM500+, DM500HD and DM500S Summary: The Dreambox is a series of Linux-powered DVB satellite,...
DreamBox DM500(+) - Arbitrary File Download
DreamBox DM500+ Arbitrary File Download Vulnerability Vendor: Dream Multimedia GmbH Product web page: http://www.dream-multimedia-tv.de Affected version: DM500, DM500+, DM500HD and DM500S Summary: The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television...
DreamBox DM500+ File Download
DreamBox DM500+ Arbitrary File Download Vulnerability Vendor: Dream Multimedia GmbH Product web page: http://www.dream-multimedia-tv.de Affected version: DM500, DM500+, DM500HD and DM500S Summary: The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television...
Code injection
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI...
PSF-2011-1 CGI directory traversal (is_cgi() function)
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI...
CVE-2011-1015
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI...
Design/Logic Flaw
IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history...
CVE-2011-0345
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable...
Directory traversal
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable...
CVE-2011-0345
CVE-2011-0345 is a directory traversal vulnerability in the NMS server of Alcatel-Lucent OmniVista 4760 (affected: OmniVista 4760 NMS versions 5.0.07.05 and 5.1.06.03). The issue allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, specifically ...
PhotoPost PHP <= 4.8c Multiple XSS Vulnerabilities - Active Check
PhotoPost PHP is prone to multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. Copyright (C) 2011 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Darkshell Botnets Targeting Chinese Manufacturers With DDoS Attacks
Researchers are tracking a new bot that originated in China and is being used by various associated botnets that are hammering away with DDoS attacks aimed at several dozen targets around the world, including a number of telecom companies and specialized manufacturers. The piece of malware behind...
Polycom SoundPoint IP Devices Denial Of Service
Exploit for hardware platform in category dos / poc. Polycom SoundPoint IP devices (IP phones) are vulnerable to Denial of Service attacks. Sending an HTTP GET request with a broken Authorization header effects a device restart after 60 seconds. It was tested on: SoundPoint IP 335 Version: 3.2.4.1734...
Polycom SoundPoint IP Devices Denial Of Service
Hello, Polycom SoundPoint IP devices (IP phones) are vulnerable to Denial of Service attacks. Sending an HTTP GET request with a broken Authorization header effects a device restart after 60 seconds. It was tested on: SoundPoint IP 335 Version: 3.2.4.1734 SoundPoint IP 430 Version: 3.2.3.1734 SoundPoint ...