113 matches found
Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this...
Cisco WebEx Meetings Server OutlookAction Class Vulnerability
A vulnerability in the OutlookAction Class of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...
Cisco WebEx Meetings Server Authenticated Encryption Vulnerability
A vulnerability in the user.php script of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to an invalid token timer. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable...
Cisco WebEx Meetings Server Stack Trace Vulnerability
A vulnerability in the ProfileAction controller of Cisco WebEx Meetings Server CWMS could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of returned messages. An attacker could exploit this vulnerability by submitting...
BEA Systems Weblogic Server 4.0 x/4.5 x/5.1 x Double Dot Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/2138/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Unchecked buffers exist in a particular handler for URL requests that begin with two dots ... Depending on the data entered...
Macromedia ColdFusion MX 6.0 Error Message Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7443/info A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. When certain malformed URL requests are received by the server, an error message is...
Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability
A vulnerability in BulkViewFileContentsAction.java of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper filename parameters. An attacker could exploit this vulnerability by...
Cisco Prime Infrastructure Command Execution Vulnerability
A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command...
Microsoft Sharepoint Path Info Cross-Site Scripting - Ver2 (CVE-2007-2581)
A cross-site scripting vulnerability has been reported in Microsoft SharePoint. The vulnerability is due to lack of input validation when processing URL requests. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary web script or HTML into the affected...
Visual Synapse HTTP Server v1.0 RC3 Directory Traversal Vulnerability
Exploit for windows platform in category remote exploits ===================================================================== Visual Synapse HTTP Server v1.0 RC3 Directory Traversal Vulnerability ===================================================================== Vendor URL:...
Directory traversal
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL...
Scotty traceless analysis of the hackers to avoid detection of the means-vulnerability warning-the black bar safety net
Hacker's clever is not just that they know how to invadeServer, but also that they know how to disguise their attacks. Malicious attackers will use a variety of escape means to allow yourself to not be detected, so as system administrator, should also be aware of these means to cope with the...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background modrewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in modrewrite allows command execution when the escapeabsoluteuri function attempts to...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background modrewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in modrewrite allows command execution when the escapeabsoluteuri function attempts to...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background modrewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in modrewrite allows command execution when the escapeabsoluteuri function attempts to...
Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC)
Surfboard HTTPd 1.1.9 - Remote Buffer Overflow PoC source: https://www.securityfocus.com/bid/9299/info It has been reported that Surfboard httpd is prone to a remote buffer overflow condition that may allow an attacker to gain unauthorized access to a system running the vulnerable software. The...
CVE-2001-1251
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests...
CVE-2001-1251
The CVE-2001-1251 entry concerns SmallHTTP (versions 1.204 through 3.00 beta 8). The vulnerability allows remote attackers to cause a denial of service by sending multiple long URL requests, potentially affecting availability. Documentation in the connected records confirms the affected software ...
CVE-2002-1989
Resin 2.1.1 allows remote attackers to cause a denial of service thread and connection consumption via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp...