4561 matches found
For the Oracle TNS listener the attack methods of finishing-vulnerability warning-the black bar safety net
Author: poison/amxku Source: amxku’s blog First, depending on the version, the TNS listener may be more susceptible to a variety of types of buffer overflow attacks, these attacks can be in does not provide a user ID and password to be used. For example: in oracle 9i, when a client requests a lon...
Stack overflow
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file...
CVE-2008-1922
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file...
CVE-2008-1922
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file...
CVE-2008-1922
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file...
CVE-2008-1922
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file...
Remember my password with LDAP
At the login screen, when we click on 'Remember my login on this computer' and login, everything works well. When we close the browser without logout, the login should be remember on this computer. When we try to get back into Jira, here's the bug that we have into our log file. 2008-04-22...
Format string
Format string vulnerability in the Net Inspector HTTP server mghttpd in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file...
CVE-2008-1401
Format string vulnerability in the Net Inspector HTTP server mghttpd in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file...
CVE-2008-1401
Format string vulnerability in the Net Inspector HTTP server mghttpd in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file...
McAfee Framework _naimcomn_Log远程格式串处理漏洞
BUGTRAQ ID: 28228 McAfee Framework是McAfee ePolicy Orchestrator中所实现的用于创建各种McAfee产品服务的框架。 McAfee Framework所安装的applib.dll库中的logDetail函数缺少必要的格式参数便调用了vsnwprintf,远程攻击者可能利用此漏洞控制服务器。 在McAfee ePolicy Orchestrator中可通过发送单个带有畸形sender、package或computer字段的UDP报文来触发这个漏洞。输出日志文件AgentHOSTNAME.log位于Db文件夹中。 0 McAfee...
F5 BIG-IP Web Management Console XSS
F5 BIG-IP Web Management Console XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a potentially persistent cross-site scripting vulnerability in the "Console" feature. Output from executed console commands is wrapped in textarea intentional...
Cross site scripting
Cross-site scripting XSS vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file...
CVE-2008-0837
Cross-site scripting XSS vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file...
Authentication flaw
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0408
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0408
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0408
CVE-2008-0408 (HFS) : HTTP File Server versions before 2.2c are vulnerable to a logfile manipulation flaw. Remote attackers can cause arbitrary text to be appended to the server log by sending text encoded in base64 during HTTP Basic Authentication. This is a log forging/injection issue that can ...
Cross site scripting
Cross-site scripting XSS vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page...
CVE-2007-6211
Send ICMP Nasty Garbage sing on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L output log file option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to overrid...