Lucene search

4185 matches found

Cvelist
added 2008/09/15 3:0 p.m. | 15 views

CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

7.9 AI score | 0.01624 EPSS
Exploits 0 | References 6

OpenVAS
added 2008/09/03 12:0 a.m. | 31 views

Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020, 945553)

The remote host is probably affected by the vulnerability described in CVE-2008-0087...

8.8 CVSS | 6.8 AI score | 0.31366 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2008/08/25 12:0 a.m. | 44 views

PowerDNS Recursor 3.x < 3.1.6 DNS Predictable Transaction ID (TRXID) Cache Poisoning

According to its self-reported version number, the version of PowerDNS Recursor listening on the remote host is version 3.x prior to 3.1.6. It is, therefore, affected by a cache poisoning vulnerability due to insufficient randomness to calculate TRXID values and UDP source port numbers. A remote...

6.8 CVSS | 5.6 AI score | 0.03964 EPSS
Exploits 1 | References 4

OpenVAS
added 2008/08/15 12:0 a.m. | 22 views

Debian: Security Advisory (DSA-1619-1)

The remote host is missing an update for the Debian...

6.8 CVSS | 7.2 AI score | 0.95182 EPSS
Exploits 21 | References 3

FreeBSD
added 2008/08/08 12:0 a.m. | 42 views

ruby -- DNS spoofing vulnerability

The official ruby site reports: resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports...

6.8 CVSS | 7 AI score | 0.95182 EPSS
Exploits 20 | References 1

Tenable Nessus
added 2008/07/28 12:0 a.m. | 83 views

Debian DSA-1619-1 : python-dns - DNS response spoofing

Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many...

6.8 CVSS | 6.6 AI score | 0.95182 EPSS
Exploits 21 | References 7

Tenable Nessus
added 2008/07/15 12:0 a.m. | 258 views

SuSE 10 Security Update : bind (ZYPP Patch Number 5409)

The transaction ID and the UDP source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache ('DNS cache poisoning', CVE-2008-1447)...

6.8 CVSS | 6.7 AI score | 0.95182 EPSS
Exploits 20 | References 2

securityvulns
added 2008/07/12 12:0 a.m. | 94 views

Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks. Advisory ID: cisco-sa-20080708-dns. http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml Revision 1.0. For Public Release 2008 July 08 1800 UTC GMT...

5 CVSS | 0.4 AI score | 0.95182 EPSS
Exploits 20

OSV
added 2008/07/08 11:41 p.m. | 2 views

DEBIAN-CVE-2008-1447

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...

6.8 CVSS | 6.3 AI score | 0.95182 EPSS
Exploits 20 | References 1

Debian CVE
added 2008/07/08 11:0 p.m. | 48 views

CVE-2008-1447

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...

6.8 CVSS | 6.6 AI score | 0.95182 EPSS
Exploits 20

Symantec
added 2008/07/08 12:0 a.m. | 25 views

Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability

Description: Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to...

0.5 AI score
Exploits 0 | References 30 | Affected Software 79

CERT
added 2008/07/08 12:0 a.m. | 395 views

Multiple DNS implementations vulnerable to cache poisoning

Overview: Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Description: The Domain Name System (DNS) is responsible for translating host names to IP addresses and vice versa and is critical for the normal operation of internet-connected systems...

7.4 AI score
Exploits 0 | References 18

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. | 2 views

TPBroker Denial of Service Vulnerability

Overview: TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor terminate abnormally when the TSC Domain Manager receives invalid messages. Impact: An attacker could cause a Denial of Service (DoS) condition. Solution: Please refer to the 'Vendor Information' section f...

5 CVSS | 6.7 AI score | 0.01233 EPSS
Exploits 0 | References 8

Prion
added 2008/05/09 6:20 p.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "" sequence in the service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114...

4.3 CVSS | 5.9 AI score | 0.0243 EPSS
Exploits 2 | References 6 | Affected Software 1

Cvelist
added 2008/05/09 6:0 p.m. | 23 views

CVE-2008-2123

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "" sequence in the service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114...

5.5 AI score | 0.02248 EPSS
Exploits 1 | References 6

Packet Storm
added 2008/05/09 12:0 a.m. | 55 views

SAP-07-010.txt

Portcullis Security Advisory 07010 Vulnerable System: SAP Internet Transaction Server Vulnerability Title: Re-introduction of Cross-site Scripting/Cookie Theft Vulnerability. Previous vendor Information: Originally vendor contacted on 02.08.2003 Product: ITS, Version 6.20 Bugtraq ID: 8517 CVE:...

6.8 CVSS | 6.7 AI score | 0.03647 EPSS
Exploits 2

exploitpack
added 2008/05/08 12:0 a.m. | 11 views

SAP Internet Transaction Server 6200.1017.50954.0 - Bu query String JavaScript Splicing Cross-Site Scripting

SAP Internet Transaction Server 6200.1017.50954.0 - Bu query String JavaScript Splicing Cross-Site Scripting source: https://www.securityfocus.com/bid/29103/info SAP Internet Transaction Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently...

6.7 AI score
Exploits 0

exploitpack
added 2008/05/08 12:0 a.m. | 11 views

SAP Internet Transaction Server 6200.1017.50954.0 Bu (WGate) - wgate.dll?~service Cross-Site Scripting

SAP Internet Transaction Server 6200.1017.50954.0 Bu WGate - wgate.dll?service Cross-Site Scripting source: https://www.securityfocus.com/bid/29103/info SAP Internet Transaction Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize...

6.8 AI score
Exploits 0

Exploit DB
added 2008/05/08 12:0 a.m. | 43 views

SAP Internet Transaction Server 6200.1017.50954.0 Bu (WGate) - 'wgate.dll?~service' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29103/info SAP Internet Transaction Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

7.4 AI score
Exploits 0

Exploit DB
added 2008/05/08 12:0 a.m. | 23 views

SAP Internet Transaction Server 6200.1017.50954.0 - Bu query String JavaScript Splicing Cross-Site Scripting

source: https://www.securityfocus.com/bid/29103/info SAP Internet Transaction Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

7.4 AI score
Exploits 0