3756 matches found
Whale Communications e-Gap security appliance discloses source code via HTTP TRACE Method
Overview Whale communications e-Gap security appliance is a tool to provide a secure remote web access platform. A vulnerability exists that may permit a remote attacker to gain access to the source code of the login page. Description Whale communications e-Gap security appliance version 2.5...
CVE-2003-1127
Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor...
Web servers enable HTTP TRACE method by default
Overview The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Description The HTTP...
Problem when signing up for new user Account from login page
I signed up for a new user account from the login page, filled in a username, password, name and e-mail. Then I tried to login with the new username and got this exception: java.lang.NullPointerException at com.opensymphony.module.user.User.getGroupsUser.java:94 at...
CVE-2000-0615
CVE-2000-0615 : LPRng 3.6.x improperly installs lpd as setuid root, allowing local users to append lpd trace and logging messages to files. The connected documents confirm the vulnerability is a local privilege issue tied to the lpd binary running with root privileges. No explicit exploit details...
CVE-2001-1041
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace .trc file that is created in an alternate home directory identified by the ORACLEHOME environment variable...
QPopper 4.0.x - PopAuth Trace File Shell Command Execution
QPopper 4.0.x - PopAuth Trace File Shell Command Execution source: https://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctl...
QPopper 4.0.x - PopAuth Trace File Shell Command Execution
source: https://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctly handle user-supplied input. A user can supply data to the...
CVE-2001-1041
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace .trc file that is created in an alternate home directory identified by the ORACLEHOME environment variable...
Sendmail 8.118.12 Debugger - Arbitrary Code Execution (2)
Sendmail 8.118.12 Debugger - Arbitrary Code Execution 2 // source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for...
Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (3)
source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments supplied from the command line with t...
CVE-2000-0309
Public technical details about CVE-2000-0309 are not provided in the connected documents. The initial entry notes a local DoS in OpenBSD 2.4 with DDB, but no further technical specifics or fixes are included here. Monitor for updates.
CVE-2000-0309
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service...
CVE-2000-0309
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service...
PT-2009-6753 · Opensuse +2 · Pcfclock-Kmp-Trace +18
Name of the Vulnerable Software and Affected Versions: dazuko-kmp-debug affected versions not specified kvm-kmp-trace affected versions not specified aufs-kmp-debug affected versions not specified ofed-kmp-debug affected versions not specified kqemu-kmp-debug affected versions not specified...
Update rollup 8.0.11049.0 for Microsoft Monitoring Agent (KB4015075)
None None...