14 matches found
EUVD-2003-0383
Malware in sbrugna...
RSA ACE Agent 5.x Image Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15206/info RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
SEC-20051025-1.txt
SEC-CONSULT Security Advisory 20051025-1. title: RSA ACE Web Agent XSS; program: RSA ACE/Agent for Web; vulnerable version: 5.1, 5.1.1 (newer versions may be vulnerable); homepage: www.rsasecurity.com; found: 2005-10 by: SEC-CONSULT /...
RSA ACE Agent 5.x - Image Cross-Site Scripting
RSA ACE Agent 5.x - Image Cross-Site Scripting source: https://www.securityfocus.com/bid/15206/info RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scrip...
RSA ACE Agent 5.x - Image Cross-Site Scripting
source: https://www.securityfocus.com/bid/15206/info RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
CVE-2001-1461
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences...
CVE-2001-1462
CVE-2001-1462 affects RSA SecurID 5.0 WebID as used by ACE/Agent for Windows, Windows NT and Windows 2000. A URL containing null characters can trigger the WebID agent to enter debug mode, potentially exposing sensitive information. The available documents do not specify further impact details, a...
CVE-2001-1462
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information...
CVE-2003-0389
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script...
CVE-2003-0389
RSA ACE/Agent (Web) 5.x is affected by an XSS vulnerability in the secure redirect/login handling. Public advisories (SEC-CONSULT/Sec-20051025-1) reference RSA ACE/Agent Web 5.1 and 5.1.1 as vulnerable, exploitable via an unfiltered parameter (e.g., GET or form field like postdata) on web login f...
CVE-2003-0389
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script...
CVE-2001-1461
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle URL encoded characters in URL
Overview: RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle URL encoded characters contained in a URL. A specially crafted request may bypass authentication and expose the contents of...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL
Overview: RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle null characters contained in a URL. A specially crafted request may cause ACE/Agent to enter a debugging mode, possibly...