1822 matches found
openSUSE Security Update : xrdp (xrdp-443)
This update fixes multiple buffer overflows that can be exploited remotely to execute arbitrary code. Additionally xrdp does not register remote session as local anymore. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
Arab Portal 2.2 - Authentication Bypass
Arab Portal 2.2 - Authentication Bypass Script Name : Arab portal 2.2 Remote Auth SQL Bypass Vulnerabilitiy Script home : http://www.arab-portal.info/arabportal22.zip Exploit risk level : High Found By : RoMaNcYxHaCkEr RXH Written By : Sniper Code S.C.T - 443 Our home : WwW.Sec-Code.CoM Security ...
CVE-2009-1634
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors...
Session fixation
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors...
CVE-2009-1634
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors...
CVE-2009-1634
The CVE-2009-1634 affects the WebAccess component in Novell GroupWise 7.x (before 7.03 HP3) and 8.x (before 8.0 HP2). It arises from improper session management, allowing remote attackers to gain access to user accounts via unspecified vectors. According to NVD, the vulnerability has CVSSv2 base ...
glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit
?php / glFusion = 1.1.2 COMapplyFilter/cookies remote blind sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Found another vector of injection in...
Rittal CMC-TC Processing Unit II multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application: Rittal...
Rittal CMC-TC Processing Unit II XSS / Command Execution
Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application: Rittal CMC-TC PU II Web management Devices: CMC-TC PU II D...
Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities
Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application...
squirrelmail: session management flaw
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this...
Fedora 9 : phpMyAdmin-3.1.1-1.fc9 (2008-11208)
Improvements for 3.1.1.0: - core Navi panel server links wrong - core bad session.savepath not detected - core Re-login causes PMA to forget current table name - export do not include view name in export - display enable copying of auto increment by default - core do not bail out creating session...
[HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation
HACKATTACK Advisory 3Social Impress CMS 1.1 - Session Fixation Details Product: Impress CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.impresscms.info Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...
Session must not be invalidated on logout
People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...
Session must not be invalidated on logout
People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...
Cisco Unity 7.0存在多个漏洞
BUGTRAQ ID: 31642 CNCAN ID:CNCAN-2008100906 Cisco Unity是一款面向企业级机构的统一通信解决方案。 Cisco Unity存在多个安全问题,包括: -Unity监听在动态UDP端口的多个服务处理特殊报文存在拒绝服务攻击。 -Unity server共享目录可泄漏信息给所有域用户。 -Unity server的会话管理看起来受限制,允许恶意用户使用所有可用户会话对合法管理者进行拒绝服务访问。要恢复新会话功能需要重新启动系统,重新启动默认WEB将不奏效。 -存在输入验证问题,导致多个跨站脚本攻击。 Cisco Unity 7.0...
MySQL Quick Admin 1.5.5 - 'cookie' Local File Inclusion
MySQL Quick Admin = 1.5.5 COOKIE Local File Inclusion Vulnerability url: http://www.mysqlquickadmin.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author will b...
CGI::Session CGISESSID Cookie值目录遍历漏洞
BUGTRAQ ID: 30267 CGI::Session是一个Perl5库,可提供可靠易用的模块化会话管理系统。 CGI::Session没有充分的过滤CGISESSID cookie值便将其用在了File驱动中创建会话数据文件的文件名。如果远程攻击者在cookie值中注入了目录遍历序列,就会导致File驱动从配置的会话数据目录以外的任意文件读取会话数据。 仅在满足了所有以下条件的情况下才可以利用这个漏洞: 1 Web应用使用了CGI::Session中的File驱动管理会话。 2 Web应用部署于基于Windows的系统。 3...
Virtual Support Office-XP <= 3.0.29 Multiple Remote Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Virtual Support Office-XP Multiple Vulnerabilities. Vendor: www.vso-xp.com Vulnerable Version: 3.0.29, 3.0.27 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory:...
Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities
Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: Virtual Support Office-XP Multiple Vulnerabilities. Vendor: www.vso-xp.com Vulnerable Version: 3.0.29, 3.0.27 and prior versions Exploit: Available Impact: High Fix: N/A Original...