CVE-2008-6497

The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service network outage via multiple HTTP requests for the /- URI...

CVE-2008-6497

The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service network outage via multiple HTTP requests for the /- URI...

Adonics NAS Adapter DoS

Multiple DoS conditions on HTTP requests processing after authentication...

NextApp Echo < 2.1.1 XML Injection Vulnerability

No description provided by source. SEC Consult Security Advisory 20090305-0 ======================================================================== title: NextApp Echo XML Injection Vulnerability program: NextApp Echo vulnerable version: Echo2 2.1.1 homepage: http://echo.nextapp.com/site/echo2...

NextApp Echo < 2.1.1 - XML Injection

SEC Consult Security Advisory ======================================================================== title: NextApp Echo XML Injection Vulnerability program: NextApp Echo vulnerable version: Echo2 2.1.1 homepage: http://echo.nextapp.com/site/echo2 found: Feb. 2008 by: Anonymous / SEC Consult...

NextApp Echo XML Injection

SEC Consult Security Advisory ======================================================================== title: NextApp Echo XML Injection Vulnerability program: NextApp Echo vulnerable version: Echo2 me...

NextApp Echo 2.1.1 - XML Injection

NextApp Echo 2.1.1 - XML Injection SEC Consult Security Advisory ======================================================================== title: NextApp Echo XML Injection Vulnerability program: NextApp Echo vulnerable version: Echo2 2.1.1 homepage: http://echo.nextapp.com/site/echo2 found: Feb...

CVE-2009-0804

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

Design/Logic Flaw

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

CVE-2009-0804

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

CentOS Update for irb CESA-2008:0562 centos3 x86_64

Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2008:0562 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

Oracle Secure Backup Multiple Command Injections (CVE-2008-4006; CVE-2008-5448; CVE-2008-5449)

Oracle Database Server is an enterprise-level relational database application suite. Oracle Secure Backup Administration Server provides a single point of data management across network attached storage NAS devices and distributed hosts. Several command injection vulnerabilities were reported in...

Oracle TimesTen In-Memory Database evtdump CGI Module Format String (CVE-2008-5440)

Oracle TimesTen In-Memory Database is a product for real-time data management and is used for performance-critical functions in environments like real-time enterprises, telecom, capital markets and defense. A format string error vulnerability was reported in Oracle TimesTen In-memory Database. Th...

Preemptive Protection against Free Download Manager Remote Control Server

A buffer overflow vulnerability was reported in Free Download Manager, a free download accelerator and manager. The vulnerability is caused due to a boundary error in the Remote Control Server when processing "Authorization" headers in HTTP requests. This issue can be triggered via an HTTP reques...

Lore 1.5.6 - article.php Blind SQL Injection

Lore 1.5.6 - article.php Blind SQL Injection Lore 1.5.6 Bug : article.php?id=Blind ,Comentarios Habilitados "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Gracias...

Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow

Hello Assurent & Oracle, On Tue, 13 Jan 2009, [email protected] wrote: : Oracle BEA WebLogic Server Apache Connector Buffer Overflow : : Reference: http://www.bea.com/weblogic/server/ : : 2. Vulnerability Summary : : A remotely exploitable vulnerability has been discovered in t...

WS_FTP Server <= 6.1.0.0 Security Bypass Vulnerability

WSFTP Server is prone to a security bypass vulnerability. Copyright C 2008 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

FreeBSD : mediawiki -- multiple vulnerabilities (61b07d71-ce0e-11dd-a721-0030843d3802)

The MediaWiki development team reports : Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input related to uploads ...

mediawiki -- multiple vulnerabilities

The MediaWiki development team reports: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input related to uploads i...

[Backports-security-announce] Security Update for nagios3

Jan Wagner uploaded a new package for nagios3 which fixed the following security problem: CVE-2008-5028, SA32610 and Debian Bug 504894 Andreas Ericsson has discovered a vulnerability in Nagios, which can be exploited by malicious people to conduct cross-site request forgery attacks. The applicati...