3632 matches found

seebug.org
added 2011/12/30 12:0 a.m., 44 views

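Apache Tomcat Web Form Hash Collision Denial of Service Vulnerability

BUGTRAQ ID: 51200 Tomcat is a Servlet container developed by the Jakarta project under the Apache Software Foundation. It implements support for Servlets and JavaServer Pages (JSP) according to the technical specifications provided by Sun Microsystems, and provides some features specific to its role as a web server, such as the Tomcat management and control platform, security realm management, and Tomcat valves. When Tomcat processes hashed form posts and updates hashed forms, there is an error in the hash generation function; by sending a specially crafted form in an HTTP POST request, an attacker can exploit this vulnerability to cause a denial of service. 0 Apache Group Tomcat 7.x Apache Group Tomca...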

6.9 AI score
Exploits: 0
CVE
added 2011/12/25 1:0 a.m., 62 views

CVE-2011-5009

The CVE-2011-5009 vulnerability affects 3S CoDeSys CmpWebServer (Control service) as part of CoDeSys 3.4 SP4 Patch 2. It stems from insufficient validation of incoming HTTP requests, leading to a NULL pointer dereference when handling a crafted Content-Length in an HTTP POST or an invalid HTTP me...

5 CVSS, 6.8 AI score, 0.10775 EPSS
Exploits: 1, References: 7, Affected Software: 1
OpenVAS
added 2011/12/06 12:0 a.m., 33 views

Codesys CmpWebServer Multiple Vulnerabilities

Codesys is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 6.4 AI score, 0.73201 EPSS
Exploits: 9, References: 4
Packet Storm
added 2011/11/30 12:0 a.m., 36 views

Voxsmart VoxRecord Control Centre 2.7 SQL Injection

======================================================================= VoxRecord Control Centre - version 2.7 Blind SQLi and auth. bypass ======================================================================= Affected Software : Voxsmart - VoxRecord Control Centre v. 2.7 Severity : Critical...

0.6 AI score
Exploits: 0
Exploit DB
added 2011/09/24 12:0 a.m., 30 views

IceWarp Mail Server 10.3.2 server/webmail.php Soap Message Parsing - Arbitrary File Disclosure

source: https://www.securityfocus.com/bid/49753/info IceWarp Web Mail is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to gain access to potentially sensitive information, and possibly cause denial-of-service conditions; other attacks may also be...

7.4 AI score
Exploits: 0
RedHat Linux
added 2011/09/15 6:31 p.m., 6 views

Important: Red Hat Security Advisory: JBoss Communications Platform 1.2.11 and 5.1.1 security update

An updated JBoss Web Services Native component for JBoss Communications Platform 1.2.11 and 5.1.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability...

5 CVSS, 5.8 AI score, 0.02664 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2011/09/15 6:6 p.m., 27 views

Important: Red Hat Security Advisory: jbossws-common security update

An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Application Platform 4.3 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...

5 CVSS, 5.8 AI score, 0.02664 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2011/09/15 5:50 p.m., 41 views

Important: Red Hat Security Advisory: jbossws-common security update

An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Web Platform 5.1.1 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CV...

5 CVSS, 5.8 AI score, 0.02664 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2011/09/15 5:49 p.m., 36 views

Important: Red Hat Security Advisory: jbossws-common security update

An updated jbossws-common.jar file for JBoss Enterprise Application Platform 5.1.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...

5 CVSS, 5.8 AI score, 0.02664 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2011/09/15 5:47 p.m., 36 views

Important: Red Hat Security Advisory: jbossws-common security update

An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.1 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring...

5 CVSS, 5.8 AI score, 0.02664 EPSS
Exploits: 0, References: 2
exploitpack
added 2011/09/08 12:0 a.m., 19 views

WordPress Plugin 1 Flash Gallery 1.30 1.5.7a - Arbitrary File Upload (Metasploit)

WordPress Plugin 1 Flash Gallery 1.30 1.5.7a - Arbitrary File Upload Metasploit Exploit Title: 1 Flash Gallery Wordpress Plugin Arbitrary File Upload Exploit Google Dork: inurl:"wp-content/plugins/1-flash-gallery" Date: 09/06/2011 Author: Ben Schmidt Software Link:...

0.6 AI score
Exploits: 0
The Hacker News
added 2011/08/20 5:15 a.m., 14 views

Cross Site Scripting Vulnerability at Google Appspot

Cross Site Scripting Vulnerability at Google Appspot The Google Appspot "ClickDesk" login page is vulnerable to Cross Site Scripting attack. Cross Site scripting attack is a critical issue in web application. When an attacker gets a user's browser to execute his/her XSS code, the code will run...

6.5 AI score
Exploits: 0
Check Point Advisories
added 2011/08/16 12:0 a.m., 1 views

IBM Lotus Domino HPRAgentName Parameter Stack Buffer Overflow

A stack buffer overflow vulnerability has been reported in IBM Lotus Domino. IBM Lotus Domino is a software suite which provides enterprise-class messaging, calendaring, and scheduling capabilities for collaborative applications. The vulnerability is due to insufficient input validation by IBM...

8.1 AI score
Exploits: 0
seebug.org
added 2011/07/29 12:0 a.m., 18 views

Citrix XenApp / XenDesktop XML Service Heap Corruption

No description provided by source. n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.002 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Heap Corruption in...

7.1 AI score
Exploits: 0
Exploit DB
added 2011/07/28 12:0 a.m., 28 views

Citrix XenApp / XenDesktop XML Service - Heap Corruption

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.002 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Heap Corruption in Citrix XML Service Risk: HIGH Vendor...

7.4 AI score
Exploits: 0
exploitpack
added 2011/07/05 12:0 a.m., 11 views

Portech MV-372 VoIP Gateway - Multiple Vulnerabilities

Portech MV-372 VoIP Gateway - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/48560/info The Portech MV-372 VoIP Gateway is prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information, cause vulnerable devices to...

0.2 AI score
Exploits: 0
Exploit DB
added 2011/07/05 12:0 a.m., 22 views

Portech MV-372 VoIP Gateway - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/48560/info The Portech MV-372 VoIP Gateway is prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information, cause vulnerable devices to crash resulting in a denial-of-service condition, or...

7.4 AI score
Exploits: 0
ThreatPost
added 2011/06/13 3:38 p.m., 5 views

Google: Spyware Found, Removed from Android Market

Google says it has suspended a number of suspicious applications from the Android Market after researchers at NC State announced they had discovered a new and particularly stealthy piece of spyware, dubbed “Plankton,” lurking in Android applications there. According to a report by computer scienc...

Exploits: 0, References: 6
Packet Storm
added 2011/06/12 12:0 a.m., 39 views

IBM Tivoli Endpoint Manager POST Query Buffer Overflow

$Id: ibmtivoliendpointbof.rb 12925 2011-06-12 00:04:55Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

9 CVSS, 0.7 AI score, 0.62663 EPSS
Exploits: 4
0day.today
added 2011/06/12 12:0 a.m., 48 views

IBM Tivoli Endpoint Manager POST Query Buffer Overflow

Exploit for windows platform in category remote exploits $Id: ibmtivoliendpointbof.rb 12925 2011-06-12 00:04:55Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more...

7.1 AI score, 0.62663 EPSS
Exploits: 4