Lucene search
K

3011 matches found

RedHat Linux
RedHat Linux
added 2009/03/06 5:15 p.m.6 views

JBoss EAP unprivileged local xml file access

The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...

5CVSS5.9AI score0.01805EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/03/06 4:58 p.m.2 views

JBoss EAP unprivileged local xml file access

The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...

5CVSS5.9AI score0.01805EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2008/11/14 12:0 a.m.11 views

Microsoft Web Service client Version Detection

Binary data 4756.prm...

7.3AI score
Exploits0
Nmap
Nmap
added 2008/11/06 2:52 a.m.323 views

http-auth NSE Script

Retrieves the authentication scheme and realm of a web service that requires authentication. See also: http-auth-finder.nse http-brute.nse Script Arguments http-auth.path Define the request path slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size,...

10CVSS0.3AI score0.99448EPSS
Exploits33
RedHat Linux
RedHat Linux
added 2008/10/24 2:44 p.m.3 views

OpenJDK JAX-WS unauthorized URL access (6542088)

Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application...

8.3CVSS7.4AI score0.04042EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2008/08/16 12:0 a.m.22020 views

phpizabi-traverse.txt

PHPizabi v0.848b traversal file access Vendor url:http://www.phpizabi.net/ Advisore:http://lostmon.blogspot.com/2008/08/ phpizabi-v0848b-traversal-file-access.html Vendor notify:no exploit available:yes Description By vendor page: PHPizabi is one of the most powerful social networking platforms o...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2008/04/10 12:0 a.m.58 views

CAU-2008-0002: Microsoft Windows SharePoint Services Picture Source XSS

/ / | | | | ----====/ // / | || |====---- | | | || | | | | | | | | | | | | | ------====== / /| || || || |======------ / || || / Computer Academic Underground http://www.caughq.org Security Advisory ===============/======================================================== Advisory ID: CAU-2008-0002...

Exploits0
Packet Storm
Packet Storm
added 2008/04/09 12:0 a.m.23 views

Computer Academic Underground Advisory 2008.2

/ \ / \ | | | | ----====/ /\/ /\ | || |====---- | | | || | | | | | | | | | | | | | ------======\ / /| || || || |======------ / || || / Computer Academic Underground http://www.caughq.org Security Advisory ===============/======================================================== Advisory ID:...

0.4AI score
Exploits0
seebug.org
seebug.org
added 2008/02/20 12:0 a.m.958 views

Microsoft IIS ASP远程代码执行漏洞(MS08-006)

BUGTRAQ ID: 27676 CVECAN ID: CVE-2008-0075 Microsoft Internet信息服务(IIS)是Microsoft Windows自带的一个网络信息服务器,其中包含HTTP服务功能。 IIS处理ASP网页输入的方式存在远程代码执行漏洞,允许攻击者向网站的ASP页面传送恶意输入。成功利用这个漏洞的攻击者可以在IIS服务器上以WPI的权限(默认配置为网络服务帐号权限)执行任意操作。 Microsoft IIS 6.0 Microsoft IIS 5.1 临时解决方法: 在Windows Server 2003上禁用传统风格ASP: 1...

10CVSS1.9AI score0.57167EPSS
Exploits1
0day.today
0day.today
added 2008/01/16 12:0 a.m.29 views

MiniWeb 0.8.19 Multiple Remote Vulnerabilities

Exploit for unknown platform in category remote exploits ============================================== MiniWeb 0.8.19 Multiple Remote Vulnerabilities ============================================== MiniWeb Multiple Vulnerabilities Introduction MiniWeb is a mini HTTP server implementation written ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/10/23 12:0 a.m.21 views

Simple PHP Blog多个安全漏洞

Simple PHP Blog是一款基于PHP的网络日记程序。 Simple PHP Blog不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞对应用程序进行各种攻击。 问题包括如下: -IP伪造 -HTML注入 -会话固定 -开放EMAIL RELAY -本地文件包含 -跨站请求伪造 -任意文件上传。 攻击者利用这些问题可破坏受影响的应用程序,以WEB服务进程权限执行任意代码。发送任意恶意邮件,或窃取COOKIE等信息。 Simple PHP Blog Simple PHP Blog 0.5.1 Simple PHP Blog Simple PHP Blog 0.4.8 Simpl...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2007/07/26 12:0 a.m.24 views

ifoto-traversal.txt

ifoto traversal folder enumeration Vendor url:http://ifoto.ireans.com/ Advisore:http://lostmon.blogspot.com/2007/07/ ifoto-traversal-folder-enumeration.html vendor notify:no exploit include:yes ifoto contains a flaw that allows a remote traversal arbitrary folder enumeration.This flaw exists...

7.4AI score
Exploits0
Prion
Prion
added 2007/05/16 1:19 a.m.12 views

Information disclosure

The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information...

5CVSS6.9AI score0.01917EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2007/05/16 1:19 a.m.19 views

CVE-2007-2698

The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information...

5CVSS6.4AI score0.01917EPSS
Exploits0References5
CVE
CVE
added 2007/05/16 1:0 a.m.52 views

CVE-2007-2698

Summary: CVE-2007-2698 affects BEA WebLogic Server 9.0 Administr ation Console. The issue allows an attacker to view plaintext Web Service attributes during configuration creation, potentially exposing sensitive credentials. The published CVSS v2 base score is 5.0 (Medium): Network access, low at...

5CVSS6.5AI score0.01917EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2007/05/16 1:0 a.m.17 views

CVE-2007-2698

The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information...

6.4AI score0.01917EPSS
Exploits0References5
exploitpack
exploitpack
added 2007/04/16 12:0 a.m.12 views

Web Service Deluxe News Manager 1.0.1 Deluxe - footer.php Local File Inclusion

Web Service Deluxe News Manager 1.0.1 Deluxe - footer.php Local File Inclusion source: https://www.securityfocus.com/bid/23499/info News Manager Deluxe is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/02/09 12:0 a.m.56 views

DevTrack Web Service UserName Field SQL Injection

The remote host is running DevTrack, a defect and project tracking tool. The DevTrack Web Services component installed on the remote host contains an ASP script that fails to sanitize user-supplied input to the 'UserName' parameter before using it in a database query. An unauthenticated, remote...

7.5CVSS5.8AI score0.01063EPSS
Exploits0References1
Metasploit
Metasploit
added 2007/01/07 11:33 p.m.16 views

MailEnable Authorization Header Buffer Overflow

This module exploits a remote buffer overflow in the MailEnable web service. The vulnerability is triggered when a large value is placed into the Authorization header of the web request. MailEnable Enterprise Edition versions prior to 1.0.5 and MailEnable Professional versions prior to 1.55 are...

0.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.28 views

FreeBSD : awstats -- arbitrary code execution vulnerability (e86fbb5f-0d04-11da-bc08-0001020eed82)

An iDEFENSE Security Advisory reports : Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part...

5CVSS6.1AI score0.02665EPSS
Exploits0References4
Rows per page
Query Builder