Cisco IOS HTTP access level authentication bypass

Added: 12/23/2010 CVE: CVE-2001-0537 BID: 2936 OSVDB: 578 Background The Cisco Internetwork Operating System IOS is the operating system used by Cisco routers. Problem A remote attacker could execute arbitrary commands at the highest privilege level level 15 without needing to authenticate by...

Cisco IOS HTTP access level authentication bypass

Added: 12/23/2010 CVE: CVE-2001-0537 BID: 2936 OSVDB: 578 Background The Cisco Internetwork Operating System IOS is the operating system used by Cisco routers. Problem A remote attacker could execute arbitrary commands at the highest privilege level level 15 without needing to authenticate by...

CVE-2010-4595

The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services HTTP-AS, which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header...

CVE-2010-4590

Cross-site scripting XSS vulnerability in HTTP Access Services HTTP-AS in the Connection Manager in IBM Lotus Mobile Connect LMC before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-4594

The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services HTTP-AS is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service memory consumption and HTTP-AS hang by making many connection requests that...

CVE-2010-4591

The Connection Manager in IBM Lotus Mobile Connect LMC before 6.1.4, when HTTP Access Services HTTP-AS is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a...

Design/Logic Flaw

The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services HTTP-AS is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service...

Design/Logic Flaw

The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services HTTP-AS, which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header...

Cross site scripting

Cross-site scripting XSS vulnerability in HTTP Access Services HTTP-AS in the Connection Manager in IBM Lotus Mobile Connect LMC before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Design/Logic Flaw

The Connection Manager in IBM Lotus Mobile Connect LMC before 6.1.4, when HTTP Access Services HTTP-AS is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a...

CVE-2010-4592

The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services HTTP-AS is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service...

CVE-2010-4591

The CVE-2010-4591 entry concerns IBM Lotus Mobile Connect (LMC)

CVE-2010-4592

The CVE-2010-4592 issue affects IBM Lotus Mobile Connect (Connection Manager) prior to version 6.1.4 when HTTP Access Services is enabled. The vulnerability stems from improper handling of failed HTTP-TCP session establishment, which allows remote attackers to trigger memory consumption leading t...

CVE-2010-4590

Cross-site scripting XSS vulnerability in HTTP Access Services HTTP-AS in the Connection Manager in IBM Lotus Mobile Connect LMC before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-4590

CVE-2010-4590 describes a Cross-site scripting (XSS) vulnerability in the HTTP Access Services (HTTP-AS) component of IBM Lotus Mobile Connect (LMC) prior to version 6.1.4. The flaw affects the Connection Manager and allows remote attackers to inject arbitrary web script or HTML via unspecified v...

CVE-2009-4151

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a relate...

Pixaria Gallery 2.3.5 - 'file' Remote File Disclosure

?php iniset"maxexecutiontime",0; printr' || || | || o,7 || . o7 || q||| o///, : / / . /QQQQQQQQQQQQQQQQQQQ\ q Pixaria Gallery 2.3.5 /QQQ/\QQQ\ Remote File Disclosure /QQQQQ/ \QQQQQQ\ q GET 3 /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ q http://pixaria.com |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait,...

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

Barracuda Arbitrary File Disclosure + Command Execution

Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair Credits: Matthew Hall Update: 07 August 2006 Updated by: PATz...