Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (1)
...
TWiki CSRF Vulnerability
TWiki is prone to a cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:twiki:twiki";...
PYSEC-2009-17
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors...
CVE-2009-0662
The CVE-2009-0662 issue affects the PlonePAS component used with Plone. It concerns the login form handling in PlonePAS 3.x before 3.9 and 3.2.x before 3.2.2, where the login flow allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors. The impact is...
Ubuntu 6.06 LTS / 7.10 : gnome-screensaver vulnerabilities (USN-669-1)
It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication...
CVE-2009-1016
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the...
Design/Logic Flaw
Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL...
CVE-2009-0997
Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL...
CVE-2009-1017
Oracle BI Publisher in Oracle Application Server 5.6.2 and certain 10.1.3.x builds contains an unspecified vulnerability that allows remote authenticated users to affect confidentiality via unknown vectors. The issue is associated with BI Publisher (Oracle XML Publisher/BI Publisher) components a...
CVE-2009-0996
CVE-2009-0996 affects the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3 and 10.1.3.4. The vulnerability is described as unspecified and allows remote authenticated users to affect confidentiality via unknown vectors. Oracle’s April 2009 CPU advisory (cpuapr2009) provi...
CVE-2009-0982
CVE-2009-0982 affects Oracle PeopleSoft Enterprise: PeopleTools 8.49.19 with an unspecified vulnerability in the PeopleTools component, allowing remote authenticated users to impact integrity via unknown vectors. The CVE is tied to Oracle’s April 2009 CPU Patch Update, which addresses multiple vu...
CVE-2008-6708
CVE-2008-6708 affects Avaya SIP Enablement Services (SES) 3.x and 4.0 as used with Avaya Communication Manager 3.1.x and 4.x. The vulnerability is described as an unspecified issue in the Web management interface that allows remote authenticated administrators to gain root privileges through unkn...
Mandriva Update for xscreensaver MDKSA-2007:097 (xscreensaver)
Check for the Version of xscreensaver. OpenVAS Vulnerability Test: Mandriva Update for xscreensaver MDKSA-2007:097 (xscreensaver). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Mandriva Update for gnome-screensaver MDVSA-2008:132 (gnome-screensaver)
Check for the Version of gnome-screensaver. OpenVAS Vulnerability Test: Mandriva Update for gnome-screensaver MDVSA-2008:132 (gnome-screensaver). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Mandriva Update for samba MDKSA-2007:104-1 (samba)
Check for the Version of samba. OpenVAS Vulnerability Test: Mandriva Update for samba MDKSA-2007:104-1 (samba). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
CVE-2008-6659
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action,...
CVE-2009-1230
Podcast Generator pre-1.2 is vulnerable to Arbitrary File Deletion via core/admin/delete.php and related input handling flaws (e.g., persisting inputs like file/absoluteurl/theme_path with register_globals enabled). Exploitation could let an attacker delete arbitrary files on the webserver. Affec...
CVE-2008-6524
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication...