Authentication flaw

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests...

CVE-2009-2901

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests...

CVE-2009-2901

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests...

Mandriva Linux Security Advisory : ruby (MDVSA-2010:017)

A vulnerability has been found and corrected in ruby : WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers t...

CVE-2009-4611

Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal...

SQL-Ledger Multiple Vulnerabilities

This host is running SQL-Ledger and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodsqlledgermultvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ SQL-Ledger Multiple Vulnerabilities Authors: Sharath S Copyright: Copyright c 2009 SecPod, http://www.secpod.com This program i...

Preemptive Protection against HP OpenView Network Node Manager webappmon.exe CGI Host Header Buffer Overflow

A buffer overflow vulnerability exists in the HP OpenView Network Node Manager NNM CGI program webappmon.exe. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...

Preemptive Protection against HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow

A buffer overflow vulnerability exists in the HP OpenView Network Node Manager NNM CGI program snmpviewer.exe. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTT...

Free Download Manager Remote Control Server Header Buffer Overflow (CVE-2009-0183)

Free Download Manager is an open source free download accelerator and manager software distributed under GPL license. It includes various features and components, such as upload manager, Flash video download, Remote Control Server, BitTorrent support, smart file management, a powerful scheduler a...

Monkey Web Server Denial Of Service

census ID: census-2009-0004 URL: http://census-labs.com/news/2009/12/14/monkey-httpd/ CVE ID: Pending Affected Products: Monkey web server versions ≤ 0.9.2. Class: Improper Input Validation CWE-20, Incorrect Calculation CWE-682 Remote: Yes Discovered by: Patroklos Argyroudis We have discovered a...

Monkey HTTPd improper input validation vulnerability

census ID: census-2009-0004 URL: http://census-labs.com/news/2009/12/14/monkey-httpd/ CVE ID: Pending Affected Products: Monkey web server versions ? 0.9.2. Class: Improper Input Validation CWE-20, Incorrect Calculation CWE-682 Remote: Yes Discovered by: Patroklos Argyroudis We have discovered a...

Novell eDirectory dhost HTTPSTK Buffer Overflow

Novell eDirectory is a Lightweight Directory Access Protocol LDAP server, intended for use as part of an identity management solution. A code execution vulnerability exists in Novell eDirectory. The vulnerability is due to lack of boundary validation when handling HTTP requests to the HTTPSTK for...

CVE-2009-2509

Active Directory Federation Services ADFS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution...

Trend Micro OfficeScan Multiple CGI Modules Form Processing Buffer Overflow (CVE-2008-3862)

Trend Micro OfficeScan is a centralized virus and security scan management system. It is meant to consolidate the coordination of security scan actions and the management of Trend Micro virus scanner products installed on nodes of an enterprise network. The product is a central command center for...

HP OpenView Network Node Manager CGI programs HTTP Request Buffer Overflow (CVE-2007-6204; CVE-2008-0067)

HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes hundreds of optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow...

Ipswitch WhatsUp Small Business Application Suite Directory Traversal (CVE-2005-1939)

The Ipswitch WhatsUp Small Business product is an application suite which provides monitoring and protection services for a small network. The program allows a network to be mapped, devices monitored, and failures to be detected. A directory traversal vulnerability exists in the Ipswitch Whatsup...

PHP vulnerability full solution-vulnerability warning-the black bar safety net

PHP web page security issues For PHP website mainly exist the following types of attacks: 1. Command injectionCommand Injection 2. eval injectionEval Injection 3. Client scripting attacksScript Insertion 4. Cross-site scripting attacksCross Site Scripting, XSS 5. SQL injectionattacksSQL injection...

Trend Micro OfficeScan CGI Password Decryption Buffer Overflow (CVE-2008-1365)

Trend Micro OfficeScan is a centralized virus and security scan management system. It is meant to consolidate the coordination of security scan actions and the management of Trend Micro virus scanner products installed on the nodes of an enterprise network. The product is a central command centre...

3Com Network Supervisor Directory Traversal (CVE-2005-2020)

The 3Com Network Supervisor is a network management application that discovers, maps, and displays network links and IP devices. It monitors devices and connections for stress levels, set thresholds and various network events. The product is also capable of generating reports in various formats. ...

Update Protection against HP Power Manager Remote Code Execution

A remote code execution vulnerability exists within HP Power Manager, a web-based application for managing a HP Uninterruptible Power System UPS. The vulnerability is due to insufficient bounds checking in the HP Power Manager while processing URL parameters in the login form of the web based...