Debian DSA-882-1 : openssl095 - cryptographic weakness

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer OpenSSL library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix...

CVE-2006-5037

MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sqcontentsrc parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The vendor...

CVE-2006-5036

MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sqremotepageurl parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The...

CVE-2006-5036

CVE-2006-5036 affects MySource Matrix 3.8 and earlier and MySource 2.x. The issue stems from the parameter sq_remote_page_url , which can be abused to make the application act as an HTTP proxy, enabling access to arbitrary sites using the server IP and enabling cross‑site scripting (XSS). Impact ...

CVE-2006-5037

CVE-2006-5037 affects MySource Matrix versions after 3.8. The issue allows remote attackers to use the application as an HTTP proxy via a MIME-encoded URL in the sq_content_src parameter, enabling access to arbitrary sites using the server’s IP and enabling cross-site scripting (XSS). The PT-2006...

CVE-2006-5037

MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sqcontentsrc parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The vendor...

PT-2006-5778 · Matrix · Matrix

Name of the Vulnerable Software and Affected Versions: Matrix versions after 3.8 Description: The issue allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq content src parameter. This can be used to access arbitrary sites with the server's IP...

Squiz MySource Matrix Unauthorised Proxy and Cross Site Scripting

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 22-Sep-2006 Software: Squiz - My Source and My Source Matrix http://www.squiz.net.au "MySource Matrix is the newest version of the popular MySource CMS, purpose built for enterprise level...

mysource 2.14.82.16 - Multiple Vulnerabilities

mysource 2.14.82.16 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct...

[SA17634] Hitachi Products Cross-Site Scripting and Denial of Service

TITLE: Hitachi Products Cross-Site Scripting and Denial of Service SECUNIA ADVISORY ID: SA17634 VERIFY ADVISORY: http://secunia.com/advisories/17634/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, DoS WHERE: From remote SOFTWARE: Cosminexus 6.x http://secunia.com/product/5795/ Groupm...

[SA17185] Hitachi TP1/Server Base Unspecified Denial of Service Vulnerability

TITLE: Hitachi TP1/Server Base Unspecified Denial of Service Vulnerability SECUNIA ADVISORY ID: SA17185 VERIFY ADVISORY: http://secunia.com/advisories/17185/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote SOFTWARE: Hitachi TP1/Server Base http://secunia.com/product/5853/ DESCRIPTION...

[Full-disclosure] Silently fixed security bugs in Oracle Critical Patch Update July 2005

Hello BugTraq-Reader After reading the patch documentation and some tests with the CPU July 2005 I found out that Oracle fixed some security bugs silently without mention these bugs in their current risk matrix. Detailed information about most of these bugs are not available via Metalink but in...

CVE-2004-2089

Matrix FTP Server allows remote attackers to cause a denial of service crash by logging in using four spaces as the username and password and then issuing a LIST command...

CVE-2004-2089

CVE-2004-2089 affects Matrix FTP Server. The vulnerability (remote denial of service) occurs when an attacker logs in with four spaces as both username and password and then issues a LIST command, causing a crash. Documents do not provide root-cause details beyond this description, nor any offici...

CVE-2004-2089

Matrix FTP Server allows remote attackers to cause a denial of service crash by logging in using four spaces as the username and password and then issuing a LIST command...

CVE-2001-1206

Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $errorlog variable...

CVE-2001-1206

CVE-2001-1206 affects Matrix CGI vault Last Lines 2.0. The vulnerability: remote attackers can execute arbitrary commands via shell metacharacters in the $error_log variable, enabling remote code execution over the network. The provided sources do not specify affected versions beyond Last Lines 2...

CVE-2001-1206

Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $errorlog variable...

CVE-1999-1454

The vulnerability CVE-1999-1454 affects Macromedia The Matrix screen saver on Windows 95 when the Password protected option is enabled. The root cause is that pressing the Escape key can bypass the password prompt, allowing attackers with physical access to unlock the system. The NVD entry lists ...