997 matches found
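Sun Java System Identity Manager Multiple Security Vulnerabilities
BUGTRAQ ID: 34191 Sun Java System Identity Manager is a complete end-to-end solution for protecting sensitive data and managing identity profiles and permissions. Sun Java System Identity Manager (IdM) is affected by multiple security vulnerabilities, as follows: Because SSL is not used to encrypt certain connections, a remote unprivileged user can gain unauthorized access to data transmitted between the client and the IdM server (17763). A local or remote unprivileged user can determine whether a valid IdM account name exists (18052, 18104). A user with an account on the IdM server can change the passwords of other IdM accounts (18578)...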
CVE-2008-6478
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag...
Fedora Update for util-linux FEDORA-2007-2462
Check for the Version of util-linux OpenVAS Vulnerability Test Fedora Update for util-linux FEDORA-2007-2462 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Authentication flaw
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration...
3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass
No description provided by source. ==================================================== 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass Original Advisory: http://www.ikkisoft.com/stuff/LC-2008-05.txt luca.carettoni[at]ikkisoft[dot]com...
3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass
==================================================== Security Research Advisory Vulnerability name: "3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass" Advisory number: LC-2008-05 Advisory URL: http://www.ikkisoft.com ==================================================== 1 Affecte...
3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass
3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass ==================================================== 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass Original Advisory: http://www.ikkisoft.com/stuff/LC-2008-05.txt luca.carettoni[at]ikkisoft[dot]com...
3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass
==================================================== 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass Original Advisory: http://www.ikkisoft.com/stuff/LC-2008-05.txt luca.carettoni[at]ikkisoft[dot]com ==================================================== An unauthenticated user may...
CVE-2008-2367
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files...
PT-2009-21: CMS.Pilot SQL Injection Vulnerability
CMS.Pilot is a content management system (CMS) software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material (HTML documents and their associated images). Vulnerability Description Positive...
DEBIAN-CVE-2008-4311
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to...
Xerox WorkCentre Extensible Interface Platform Unspecified Security Bypass (XRX08-006)
According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly contains an unspecified vulnerability affecting the Extensible Interface Platform feature in the product's Web Services. A remote attacker may be able to leverage this issue to make...
Fedora 8 : system-config-network-1.5.10-1.fc8 (2008-4633)
This security update fixes system-config-network-1.5.5-1.fc8, where the console file from Fedora 9 was distributed. This bug enabled every console user to change the network configuration. Systems with system-config-network-1.5.5-1.fc8 installed should install this update. Note that Tenable...
NEC MultiWriter 1700C web server authentication bypass vulnerability
Overview Certain NEC printers have built-in web servers. They contain a vulnerability where unauthorized users could change the system configuration. Impact A remote attacker could change the system configuration of the printer's built-in web server. Solution None...
CVE-2008-0998
CVE-2008-0998 affects Apple Mac OS X 10.4.11 and 10.5.2. The vulnerability is in NetCfgTool (System Configuration) where local users can bypass authorization and execute arbitrary code by sending crafted distributed objects to a privileged process. The root cause is improper handling of distribut...
Analysis of Linux Backdoor techniques and practices-the vulnerability of early warning-the black bar safety net
Page 1 of: analysis of the Linux Backdoor technique and practice methods. Backdoor introduction: a backdoor is a technique an intruder uses, after gaining complete control of the system, to make it easier to get in again next time. Generally by modifying system configuration files and installation of...
CVE-2004-2739
The setup routine setup.php in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors...
CVE-2004-2739
PHProjekt v4.2.1 and earlier is affected by a vulnerability in the setup.php routine that allows remote attackers to modify system configuration. The root cause is described as via unknown attack vectors, and the issue is associated with the setup process rather than a specific module. Affected c...
HP-UX get_system_info privilege escalation
It's possible to change system configuration with get_system_info if Ignite-UX or the DynRootDisk (DRD) are installed...
Internet cafe management software reproduction of vulnerability-vulnerability warning-the black bar safety net
Internet cafe management software has again been found to have an accounting loophole, and this vulnerability is more concealed than the one from six months ago: through it, one hour's payment can buy unlimited Internet access. Reported material said, in the stone floor of the bridge all the...