903 matches found
2007-06 Sentinel Protection Server Directory Traversal
Title: Sentinel Protection Server Directory Traversal. Severity: High. Date Discovered: October 10th, 2007. Discovered By: Digital Defense, Inc. Vulnerability Research Team. Credit: Corey Lebleu. Vulnerability Description: A classic...
CVE-2003-1510
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory...
CVE-2002-2240
Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request...
CVE-2004-2727
Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request...
CVE-2003-1337
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request...
Buffer overflow
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372...
CVE-2007-1685
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372...
CVE-2007-1685
CVE-2007-1685 describes a buffer overflow in k9filter.exe of BlueCoat K9 Web Protection 3.2.36 (and likely earlier versions before 3.2.44) that can be triggered by a long HTTP GET request to port 2372. The vulnerability may allow a remote attacker to cause a denial of service (crash) and potentia...
Buffer overflow
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112...
CVE-2007-1733
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112...
CVE-2007-0240
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request...
CVE-2007-0240
The CVE-2007-0240 entry describes a cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier, exploitable via unspecified vectors in HTTP GET requests, allowing an attacker to inject arbitrary web script/HTML that runs in the victim’s browser. The OpenVAS/Debian/SUSE/Nessus advisories ...
Kronolith: Local file inclusion
Background: Kronolith is a web-based calendar which relies on the Horde Framework for integration with other applications. Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. Impact: An authenticated...
kronolith -- arbitrary local file inclusion vulnerability
iDefense Labs reports: Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server. The vulnerability specifically exists due to a design error in the way it includes certa...
ELOG Web Logbook Remote Denial of Service Vulnerability
ELOG Web Logbook Remote Denial of Service Vulnerability. OS2A ID: OS2A1008. Status: 10/31/2006 Issue Discovered; 11/08/2006 Reported to the Vendor; 11/08/2006 Fixed by Vendor; 11/10/2006 Advisory Released. Class: Denial of Service. Severity: Medium. Overview: The Electronic Logbook (ELOG) is part...
CVE-2006-5596
Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request...
CVE-2006-5112
CVE-2006-5112 reflects a buffer overflow in the NaviCOPA Web Server 2.01 caused by handling of long HTTP GET requests, enabling remote code execution. Connected sources confirm a public proof-of-concept/exploit vector: a Metasploit module named navicopa_get_overflow (and related exploit reference...
CVE-2006-5112
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request...