Lucene search
K

633 matches found

seebug.org
seebug.org
added 2008/07/18 12:0 a.m.23 views

Velocity安全管理系统HTTP服务器目录遍历漏洞

BUGTRAQ ID: 30261 Hirsch公司的Velocity安全管理系统是用于访问控制和安全操作的管理软件。 Velocity安全管理系统处理畸形用户请求时存在漏洞,远程攻击者可以向Velocity安全管理系统内嵌的WEB服务器提交恶意URL请求执行目录遍历攻击,导致下载服务器上的敏感数据。 Hirsch Electronics Velocity Security Management System 1.0 http://server:port/../../../../../../../../../../../../../etc/passwd...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2008/07/18 12:0 a.m.37 views

Velocity Web Server directory traversal

No description provided...

2.7AI score
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2008/07/17 12:0 a.m.22 views

Velocity Security Management System HTTP服务器目录遍历漏洞

BUGTRAQ ID: 30261 CNCAN ID:CNCAN-2008071704 Velocity Security Management System是一款系统管理程序。 Velocity Security Management System HTTP服务程序存在目录遍历攻击,远程攻击者可以利用漏洞以应用程序权限查看系统文件内容。 构建包含多个'../'字符作为参数数据,可绕过WEB ROOT限制,以应用程序权限查看系统文件内容。 Hirsch Electronics Velocity Security Management System 1.0 下载最新版本:...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2008/07/17 12:0 a.m.34 views

DSECRG-08-028.txt

Digital Security Research Group DSecRG Advisory DSECRG-08-028 Application: Velocity web-server a part of Velocity Security Management System Versions Affected: Old version 1.0 Vendor URL: http://hirschelectronics.com Bugs: Directory traversal File Download Exploits: YES Reported: 03.03.2008 Secon...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2008/01/24 12:0 a.m.52 views

Cisco Security Advisory: Default Passwords in the Application Velocity System

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Default Passwords in the Application Velocity System Advisory ID: cisco-sa-20080123-avs http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml Revision 1.0 For Public Release 2008 January 23 1600 UTC GMT...

10CVSS0.7AI score0.02237EPSS
Exploits0
securityvulns
securityvulns
added 2008/01/24 12:0 a.m.29 views

Cisco Application Velocity System default account

Password for default account is not generated during installation...

10CVSS3.9AI score0.02237EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2008/01/23 4:0 p.m.41 views

Default Passwords in the Application Velocity System

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

10CVSS6.2AI score0.02237EPSS
Exploits0References1
Atlassian
Atlassian
added 2007/10/17 12:34 a.m.21 views

Move velocity templates and other web resources into WEB-INF in the Confluence webapp

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-9730. panel It presents a small information leak, and is just tidier if we put all the internal stuff into WEB-INF...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/17 12:34 a.m.17 views

Move velocity templates and other web resources into WEB-INF in the Confluence webapp

It presents a small information leak, and is just tidier if we put all the internal stuff into WEB-INF...

1.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/03 2:58 a.m.19 views

Velocity does not automatically escape HTML entities when substituting variables

Velocity should automatically escape encode HTML entities in variables it interpolates in markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs including ones we haven't discovered yet. This affects all versions of Confluence...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/03 2:58 a.m.32 views

Velocity does not automatically escape HTML entities when substituting variables

Velocity should automatically escape encode HTML entities in variables it interpolates in markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs including ones we haven't discovered yet. This affects all versions of Confluence...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/03 2:58 a.m.24 views

Velocity does not automatically escape HTML entities when substituting variables

Velocity should automatically escape encode HTML entities in variables it interpolates in markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs including ones we haven't discovered yet. This affects all versions of Confluence...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2006/05/11 12:0 a.m.48 views

Cisco Application Velocity System TCP port relaying

Default configuration allows any TCP port to be accessed with transparent HTTP proxy request...

1.4AI score
Exploits0References1Affected Software2
Rows per page
Query Builder