
5900 matches found

Exploit DB
added 2006/05/17 12:0 a.m., 23 views

Ipswitch WhatsUp Professional 2006 - Authentication Bypass

source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them...

7.4 AI score
Exploits: 0

Prion
added 2006/05/12 1:2 a.m., 15 views

Design/Logic Flaw

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...

5 CVSS, 7.2 AI score, 0.101 EPSS
Exploits: 1, References: 8, Affected Software: 2

NVD
added 2006/05/12 1:2 a.m., 16 views

CVE-2006-2341

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...

5 CVSS, 6.7 AI score, 0.101 EPSS
Exploits: 1, References: 8

Cvelist
added 2006/05/12 1:0 a.m., 20 views

CVE-2006-2341

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...

6.7 AI score, 0.101 EPSS
Exploits: 1, References: 8

securityvulns
added 2006/05/12 12:0 a.m., 42 views

[Full-disclosure] SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure

SEC Consult Security Advisory 20060512-0 ============================================================== title: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure program: Symantec Enterprise FW vulnerable version: 8.0 homepage: www.symantec.com found: 2005-09-13 by: SEC Consult /...

Exploits: 0

securityvulns
added 2006/04/22 12:0 a.m., 48 views

Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability

Rapid7, LLC Security Advisory Rapid7 Advisory R7-0023 Symantec Scan Engine File Disclosure Vulnerability Published: April 21, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0023.html CVE: CVE-2006-0232 1. Affected systems: KNOWN VULNERABLE: o Symantec Scan Engine v5.0.0.24 KNOWN FIXED: o...

5 CVSS, 6.7 AI score, 0.00879 EPSS
Exploits: 1

securityvulns
added 2006/04/22 12:0 a.m., 34 views

[Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Symantec Scan Engine Multiple Vulnerabilities Threat: Moderate Impact: Unauthorized access Product: Symantec Scan Engine Situation Overview: Three vulnerabilities have been discovered in the Symantec Scan Engine. Symantec Scan Engine is a...

0.4 AI score
Exploits: 0

Tenable Nessus
added 2006/04/17 12:0 a.m., 24 views

MyBB global.php 'KILL_GLOBAL' Overwrite SQL Injection

The version of MyBB installed on the remote host is affected by a global variable overwrite vulnerability due to a failure to properly initialize global variables in the global.php script. A remote, unauthenticated attacker can exploit this issue to overwrite global variables to launch a SQL...

5.8 CVSS, 5.9 AI score, 0.00898 EPSS
Exploits: 0, References: 3

OpenVAS
added 2006/03/26 12:0 a.m., 196 views

Response Time / No 404 Error Code Check

This VT tests if the remote web server does not reply with a 404 error code and checks if it is replying to the scanners requests in a reasonable amount of time. SPDX-FileCopyrightText: 2006 Renaud Deraison / HD Moore Some text descriptions might be excerpted from a referenced sources, and are...

7.5 AI score
Exploits: 0

Packet Storm
added 2006/02/14 12:0 a.m., 40 views

Fortinet-url.txt

URL filter bypass in Fortinet Severity: Low Impact: Bypass Fortinet web filter Vulnerability type: Design error Affected products: FortiGate v2.8 CVE reference: CAN-2005-3058 Vulnerability Description: ------------------------- It is possible to bypass Fortinet URL blocker by making special HTTP...

7.5 CVSS, 6.7 AI score, 0.02649 EPSS
Exploits: 1

securityvulns
added 2006/02/13 12:0 a.m., 88 views

[Full-disclosure] URL filter bypass in Fortinet

URL filter bypass in Fortinet Severity: Low Impact: Bypass Fortinet web filter Vulnerability type: Design error Affected products: FortiGate v2.8 CVE reference: CAN-2005-3058 Vulnerability Description: ------------------------- It is possible to bypass Fortinet URL blocker by making special HTTP...

7.5 CVSS, 0.02649 EPSS
Exploits: 1

CERT
added 2006/01/27 12:0 a.m., 45 views

Oracle PL/SQL Gateway fails to properly validate HTTP requests

Overview The Oracle PL/SQL Gateway fails to properly validate HTTP requests. This may allow a remote attacker to execute SQL commands on an Oracle database. Description Oracle uses the Oracle PL/SQL Gateway to access Oracle databases over HTTP. A lack of validation in the Oracle PL/SQL Gateway ma...

7.5 CVSS, 9.4 AI score, 0.03153 EPSS
Exploits: 0, References: 9

Cvelist
added 2006/01/18 2:0 a.m., 14 views

CVE-2006-0248

Virata-EmWeb web server 610, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests...

6.7 AI score, 0.00357 EPSS
Exploits: 0, References: 4

Prion
added 2006/01/18 1:51 a.m., 13 views

Design/Logic Flaw

Virata-EmWeb web server 610, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests...

5 CVSS, 7.2 AI score, 0.00357 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2006/01/18 1:51 a.m., 10 views

CVE-2006-0248

Virata-EmWeb web server 610, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests...

5 CVSS, 6.7 AI score, 0.00357 EPSS
Exploits: 0, References: 4

Saint
added 2005/12/22 12:0 a.m., 31 views

MySQL MaxDB WebTools special character buffer overflow

Added: 12/22/2005 CVE: CVE-2005-0684 BID: 13368 OSVDB: 15816 Background MaxDB is a SAP-certified open-source database developed by MySQL. The WebTools component offers a set of database tools which are accessible from a web browser. The wahttp program listens on port 9999 and processes HTTP...

10 CVSS, 7 AI score, 0.71813 EPSS
Exploits: 7

CVE
added 2005/11/21 11:0 a.m., 45 views

CVE-2004-2547

NetWin SurgeMail (before 2.0c) and NetWin WebMail expose sensitive information through HTTP error handling. Requests to the root ("/"), to "/scripts/", or to a non-existent file can cause error messages that reveal the server path. This vulnerability is described as an information disclosure affe...

2.6 CVSS, 6.6 AI score, 0.13951 EPSS
Exploits: 1, References: 7, Affected Software: 2

Cvelist
added 2005/11/16 9:17 p.m., 26 views

CVE-2002-2152

The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected...

7.1 AI score, 0.011 EPSS
Exploits: 0, References: 3

CVE
added 2005/11/16 9:17 p.m., 52 views

CVE-2002-2152

The CVE-2002-2152 entry concerns the Czech edition of Software602’s Web Server prior to 2002.0.02.0916. Affected component: web server software; vulnerability: remote attackers can gain administrator privileges by directly requesting /admin/, which is not password protected. Underlying cause: lac...

10 CVSS, 7.5 AI score, 0.011 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2005/11/03 2:2 a.m., 19 views

CVE-2005-3475

Hasbani Web Server WindWeb 2.0 allows remote attackers to cause a denial of service (infinite loop) via HTTP crafted GET requests...

5 CVSS, 6.6 AI score, 0.05187 EPSS
Exploits: 1, References: 5