
113 matches found

Cisco
added 2014/11/19 5:6 p.m. | 25 views

Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this...

CVSS 5 | AI score 6.4 | EPSS 0.02255
Exploits 0 | References 1

Cisco
added 2014/07/28 8:0 p.m. | 25 views

Cisco WebEx Meetings Server OutlookAction Class Vulnerability

A vulnerability in the OutlookAction Class of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL...

CVSS 5 | AI score 6.3 | EPSS 0.01794
Exploits 0 | References 1

Cisco
added 2014/07/28 8:0 p.m. | 25 views

Cisco WebEx Meetings Server User Enumeration Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...

CVSS 5 | AI score 6.3 | EPSS 0.01652
Exploits 0 | References 1

Cisco
added 2014/07/25 6:59 p.m. | 20 views

Cisco WebEx Meetings Server Authenticated Encryption Vulnerability

A vulnerability in the user.php script of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to an invalid token timer. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable...

CVSS 5.8 | AI score 6.2 | EPSS 0.00951
Exploits 0 | References 1

Cisco
added 2014/07/25 2:29 p.m. | 24 views

Cisco WebEx Meetings Server Stack Trace Vulnerability

A vulnerability in the ProfileAction controller of Cisco WebEx Meetings Server (CWMS) could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of returned messages. An attacker could exploit this vulnerability by submitting...

CVSS 5 | AI score 6.3 | EPSS 0.01846
Exploits 0 | References 1

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

BEA Systems Weblogic Server 4.0 x/4.5 x/5.1 x Double Dot Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/2138/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Unchecked buffers exist in a particular handler for URL requests that begin with two dots ... Depending on the data entered...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

Macromedia ColdFusion MX 6.0 Error Message Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7443/info A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. When certain malformed URL requests are received by the server, an error message is...

AI score 7.1
Exploits 0

Cisco
added 2014/06/11 8:57 p.m. | 28 views

Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability

A vulnerability in BulkViewFileContentsAction.java of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper filename parameters. An attacker could exploit this vulnerability by...

CVSS 4 | AI score 6.3 | EPSS 0.0185
Exploits 0 | References 1

Cisco
added 2014/02/26 4:0 p.m. | 31 views

Cisco Prime Infrastructure Command Execution Vulnerability

A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command...

CVSS 9 | AI score 7.2 | EPSS 0.02106
Exploits 1 | References 1

Check Point Advisories
added 2014/01/28 12:0 a.m. | 2 views

Microsoft Sharepoint Path Info Cross-Site Scripting - Ver2 (CVE-2007-2581)

A cross-site scripting vulnerability has been reported in Microsoft SharePoint. The vulnerability is due to lack of input validation when processing URL requests. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary web script or HTML into the affected...

AI score 5.5 | EPSS 0.36226
Exploits 1

0day.today
added 2010/10/08 12:0 a.m. | 47 views

Visual Synapse HTTP Server v1.0 RC3 Directory Traversal Vulnerability

Exploit for Windows platform in category remote exploits. Visual Synapse HTTP Server v1.0 RC3 Directory Traversal Vulnerability. Vendor URL:...

AI score 7.1 | EPSS 0.02482
Exploits 3

Prion
added 2009/08/04 4:30 p.m. | 16 views

Directory traversal

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL...

CVSS 5 | AI score 6.9 | EPSS 0.02265
Exploits 0 | References 9 | Affected Software 1

myhack58
added 2009/05/06 12:0 a.m. | 19 views

Scotty traceless analysis of the hackers to avoid detection of the means-vulnerability warning-the black bar safety net

Hackers are clever not just because they know how to invade a server, but also because they know how to disguise their attacks. Malicious attackers use a variety of evasion techniques to avoid detection, so system administrators should also be aware of these techniques to cope with the...

AI score 0.2
Exploits 0

Saint
added 2007/06/22 12:0 a.m. | 77 views

Apache mod_rewrite LDAP URL buffer overflow

Added: 06/22/2007. CVE: CVE-2006-3747. BID: 19204. OSVDB: 27588. Background: mod_rewrite is an Apache module which allows rule-based modification of URL requests. Problem: An off-by-one buffer overflow vulnerability in mod_rewrite allows command execution when the escape_absolute_uri function attempts to...

CVSS 7.6 | AI score 7.1 | EPSS 0.96436
Exploits 20

Saint
added 2007/06/22 12:0 a.m. | 98 views

Apache mod_rewrite LDAP URL buffer overflow

Added: 06/22/2007. CVE: CVE-2006-3747. BID: 19204. OSVDB: 27588. Background: mod_rewrite is an Apache module which allows rule-based modification of URL requests. Problem: An off-by-one buffer overflow vulnerability in mod_rewrite allows command execution when the escape_absolute_uri function attempts to...

CVSS 7.6 | AI score 9.8 | EPSS 0.96436
Exploits 20

Saint
added 2007/06/22 12:0 a.m. | 153 views

Apache mod_rewrite LDAP URL buffer overflow

Added: 06/22/2007. CVE: CVE-2006-3747. BID: 19204. OSVDB: 27588. Background: mod_rewrite is an Apache module which allows rule-based modification of URL requests. Problem: An off-by-one buffer overflow vulnerability in mod_rewrite allows command execution when the escape_absolute_uri function attempts to...

CVSS 7.6 | AI score 7.1 | EPSS 0.96436
Exploits 20

exploitpack
added 2003/12/26 12:0 a.m. | 14 views

Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC)

Surfboard HTTPd 1.1.9 - Remote Buffer Overflow PoC source: https://www.securityfocus.com/bid/9299/info It has been reported that Surfboard httpd is prone to a remote buffer overflow condition that may allow an attacker to gain unauthorized access to a system running the vulnerable software. The...

AI score 0.7
Exploits 0

Cvelist
added 2003/04/02 5:0 a.m. | 15 views

CVE-2001-1251

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests...

AI score 6.6 | EPSS 0.01614
Exploits 0 | References 3

CVE
added 2003/04/02 5:0 a.m. | 48 views

CVE-2001-1251

The CVE-2001-1251 entry concerns SmallHTTP (versions 1.204 through 3.00 beta 8). The vulnerability allows remote attackers to cause a denial of service by sending multiple long URL requests, potentially affecting availability. Documentation in the connected records confirms the affected software ...

CVSS 5 | AI score 7 | EPSS 0.01614
Exploits 0 | References 3 | Affected Software 2

NVD
added 2002/12/31 5:0 a.m. | 22 views

CVE-2002-1989

Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp...

CVSS 5 | AI score 6.7 | EPSS 0.0124
Exploits 0 | References 1