143 matches found
SAP Web Application Server crossite scripting
Crossite scripting with /sap/bc/gui/sap/its/webgui/...
SAP Web Application Server 7.0 - sapbcguisapitswebgui Cross-Site Scripting
SAP Web Application Server 7.0 - sapbcguisapitswebgui Cross-Site Scripting source: https://www.securityfocus.com/bid/29317/info SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may...
SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29317/info SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Adobe ColdFusion多个跨站脚本及无效日志漏洞
BUGTRAQ ID: 28205,28207 CVECAN ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203 ColdFusion MX是一款高效的网络应用服务器开发环境,具有很高的易用性和开发效率,基于标准的Java技术,可以与XML、Web Services和Microsoft.NET环境相集成。 如果ColdFusion应用的Application.cfm或Application.cfc包含有setEncoding函数的话,远程攻击者就可以通过提交恶意请求执行跨站脚本攻击。...
SAP Netviewer 7.0 — XSS Security Vulnerability
Application: SAP Web Application Server, Web Dynpro ABAP and for BSP Versions Affected: Version 7.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 CVE number: 2008-2421 Description: XSS IN BPELCONSOLE/DEFAULT/ACTIVITIES.JSP...
Debian Security Advisory DSA 1176-1 (zope2.7)
The remote host is missing an update to zope2.7 announced via advisory DSA 1176-1. It was discovered that the Zope web application server does not disable the csvtable directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server. OpenVAS Vulnerability...
Debian: Security Advisory (DSA-910-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-490)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1275-1 (zope2.7)
The remote host is missing an update to zope2.7 announced via advisory DSA 1275-1. A cross-site scripting vulnerability in zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser. This code would run within the security...
SAP 'enserver.exe' file downloader
No description provided by source. !/usr/bin/perl -w SAP 'enserver.exe' file downloader Tested on "SAP Web Application Server Java 6.40" eval DVD Found & coded by Nicob The downloaded file is limited to the first 32 kilobytes Usual port : TCP/3200+SYSNR Exemple : ./r3-stealer-1.0.pl 192.168.2.22...
SAP Web Application Server multiple security vulnerabilities
Directory traversal, local privilege escalation, DoS...
Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technical details)
Multiple vulnerabilities in SAP Web Application Server Technical details Application : SAP Web AS 6.40 patch 136 and 7.00 patch 66 Platform : All platforms except the third vulnerability Impacts : Remote file disclosure, remote DoS, local privilege escalation Release Date : 8 February 2007 Author...
SAP Web Application Server 6.40 - Arbitrary File Disclosure
SAP Web Application Server 6.40 - Arbitrary File Disclosure !/usr/bin/perl -w SAP 'enserver.exe' file downloader Tested on "SAP Web Application Server Java 6.40" eval DVD Found & coded by Nicob The downloaded file is limited to the first 32 kilobytes Usual port : TCP/3200+SYSNR Exemple :...
SAP Web Application Server 6.40 - Arbitrary File Disclosure
!/usr/bin/perl -w SAP 'enserver.exe' file downloader Tested on "SAP Web Application Server Java 6.40" eval DVD Found & coded by Nicob The downloaded file is limited to the first 32 kilobytes Usual port : TCP/3200+SYSNR Exemple : ./r3-stealer-1.0.pl 192.168.2.22 3201 "c:\boot.ini" From MSDN Win2K...
SAP Internet Graphics Service buffer overflow
Overview SAP Internet Graphics Service contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to SAP,The Internet Graphics Service IGS constitutes the infrastructure to enable the...
CVE-2006-6853
Durian Web Application Server 3.02 freeware on Windows is affected by a buffer overflow vulnerability. The issue allows remote code execution via a crafted packet containing a long string sent to TCP port 4002, leading to untrusted data being processed by the server. The CVE description specifies...
Durian Web Application Server远程缓冲区溢出漏洞
Durian Web Application Server是一款WEB应用服务程序。 Durian Web Application Server不正确处理畸形请求,远程攻击者可以利用漏洞对应用程序进行拒绝服务或缓冲区溢出攻击。 提交超长请求可导致缓冲区溢出,或者提交畸形请求可显示1000个访问冲突对话框而造成拒绝服务攻击。 Durian Web Application Server 3.02 目前没有解决方案提供: http://sourceforge.net/projects/durian/ //Durian Web Application Server 3.02 freeware f...
Durian Web Application Server 3.02 freeware for Win32 buffer overflow execute command exploit
No description provided by source. ?php / Durian Web Application Server 3.02 freeware for Win32 buffer overflow execute command exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org tested against xp sp2 ita software site - http://sourceforge.net/projects/durian/ /...
Durian Web Application Server multiple security vulnerabilities
Buffer overflow on oversized request...
Durian Web Application Server 3.02 Remote Buffer Overflow Exploit
No description provided by source. ?php / Durian Web Application Server 3.02 freeware for Win32 buffer overflow execute command exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org tested against xp sp2 ita software site - http://sourceforge.net/projects/durian/ /...