FreeBSD : mantis -- multiple vulnerabilities (29255141-c3df-11dd-a721-0030843d3802)

Secunia reports : Some vulnerabilities have been reported in Mantis, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and request forgery attacks. Input passed to the 'filtertarget' parameter in returndynamicfilters.p...

DDIVRT-2008-18 Orb Denial of Service

Title ----- DDIVRT-2008-18 Orb Denial of Service Severity -------- Medium Date Discovered --------------- October 21st 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Steven James and r@b13$ Vulnerability Description ------------------------- Orb Network...

Pi3Web ISAPI Requests Handling DoS Vulnerability

Pi3Web is prone to ISAPI Requests Handling DoS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-5257

webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service crash or hang via HTTP requests, as demonstrated by a McAfee vulnerability scan...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in cmd.cgi in 1 Nagios 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests...

CVE-2008-5028

CVE-2008-5028 is a CSRF in Nagios' cmd.cgi affecting Nagios 3.0.5 and op5 Monitor before 4.0.1. The vulnerability allows remote attackers to trigger commands in the Nagios process via unspecified HTTP requests, potentially enabling execution of arbitrary commands. Related advisories (Gentoo GLSA-...

CVE-2008-5028

Cross-site request forgery CSRF vulnerability in cmd.cgi in 1 Nagios 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests...

Update Protection against Trend Micro OfficeScan CGI Parsing Buffer Overflow Vulnerability

A buffer overflow vulnerability was reported in Trend Micro’s OfficeScan. Trend Micro OfficeScan is a centralized virus and security scan management system. The flaw is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can trigger this vulnerability to inject...

Meeting Room Booking System (MRBS) < 1.4 SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================== Meeting Room Booking System MRBS 1.4 SQL Injection Exploit ============================================================== "MRBS is a system for multi-site booking of meeting...

Adobe Flash Player plug-in null pointer dereference and browser crash

If a Flash 9 SWF loads two SWF files with different SWF version numbers from two distinct HTTP requests to the exact same URL including query string arguments, then Adobe's Flash Player plug-in will try to dereference a null pointer. This issue affects at least versions 9.0.45.0, 9.0.112.0,...

CVE-2008-3663

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

CVE-2008-3663

CVE-2008-3663 summary (from provided docs): SquirrelMail prior to the patch release had a session cookie that was not marked Secure during HTTPS, potentially allowing cookie exposure to remote attackers via HTTP requests. The linked advisories reference SquirrelMail 1.4.15 and note that updates/p...

CVE-2008-3102

CVE-2008-3102 affects MantisBT: vulnerable in Mantis 1.1.x (up to 1.1.2) and 1.2.x (up to 1.2.0a2). Root cause: the session cookie is not marked Secure in HTTPS sessions, enabling potential cookie leakage. Impact stated in sources includes session hijacking through captured cookies; other CVEs in...

8E6 Technologies R3000 - Host Header Internet Filter Security Bypass

source: https://www.securityfocus.com/bid/30541/info 8e6 Technologies R3000 Internet Filter is prone to a vulnerability that allows attackers to bypass URI filters. Attackers can exploit this issue by sending specially crafted HTTP request packets for an arbitrary website. Successful exploits all...

Improper access control

Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service system crash, or obtain sensitive information, probably related to insufficient access control for HTTP requests...

CVE-2008-3349

CVE-2008-3349 concerns multiple unspecified vulnerabilities in NetApp Data ONTAP (used on NetApp and IBM eServer platforms) that allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably due to insufficient access con...

RHEL 2.1 / 3 : ruby (RHSA-2008:0562)

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented...

irb, ruby security update

CentOS Errata and Security Advisory CESA-2008:0562-01 Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted...

Alt-N Technologies SecurityGateway Username Buffer Overflow (CVE-2008-4193)

The Alt-N Technologies SecurityGateway offers email security with a spam filter that serves as an Exchange or SMTP firewall. A stack-based buffer overflow vulnerability was reported in Alt-N Technologies SecurityGateway. The vulnerability is due to a boundary error in the SecurityGateway that fai...

The use of IIS maximum number of connections to test site bandwidth-vulnerability warning-the black bar safety net

This program only as technical exchanges, not for illegal purposes! Recently bought a space to play, you do not laugh, is the entry level of the virtual host, coupling is poor?, the various parameters are quite low, particularly IIS the number of connections, only 1 0 0, that is, at the same time...