Cisco WebEx MeetMeNow Server Directory Traversal Vulnerability

A vulnerability in a PHP file in the Cisco WebEx MeetMeNow Server could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device. The vulnerability is due to improper sanitization of user input. An exploit could allow the attacker to view the content...

openstack-swift: XSS in Swift requests through WWW-Authenticate header

It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks and possibly other impacts if a user were tricked into clicking on a malicious URL...

CVE-2014-3497

Cross-site scripting XSS vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

USN-2256-1 swift vulnerability

John Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing...

UBUNTU-CVE-2014-3497

Cross-site scripting XSS vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection

This module exploits a SQL injection vulnerability in the "explorer" action of "miqpolicy" controller of the Red Hat CloudForms Management Engine 5.1 ManageIQ Enterprise Virtualization Manager 5.0 and earlier by changing the password of the target account to the specified password. This module...

Cisco IOS XR Software SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP module of Cisco IOS XR Software could allow an authenticated, remote attacker to cause a reload of the SNMP process on an affected device. The vulnerability is due to improper processing of SNMP requests for certain MIBs. An attacker...

Buffer overflow

Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a long string in the first argument...

CVE-2010-5289

Buffer overflow in the Authenticate method of the INCREDISPOOLERLib.Pop ActiveX control (ImSpoolU.dll) in IncrediMail 2.0 is the issue. The vulnerability arises from a long string in the first argument, triggering a crash (DoS) and potentially unspecified impact. Affected component: ImSpoolU.dll,...

Privoxy < 3.0.21 Multiple Information Disclosure Vulnerabilities

According to its self-identified version number, the Privoxy installed on the remote host is a version prior to 3.0.21. It is, therefore, affected by multiple information disclosure vulnerabilities due to the application not properly handling Proxy-Authenticate and Proxy-Authorization headers. Th...

CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

Code injection

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

CVE-2012-3503

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

Traq authenticate function remote code execution

Added: 12/27/2011 BID: 50961 OSVDB: 77556 Background Traq is a PHP5+ and MySQL4+ based Project Tracking system with the ability to host multiple projects. Problem The flaw is caused due to admin rights not properly being restricted in the "authenticate" function in admincp/common.php. This can be...

Traq 'authenticate()'函数远程代码执行漏洞

Bugtraq ID: 50961 Traq是一款基于PHP/MySQL的项目管理软件 定义在/admincp/common.php中的authenticate函数存在错误： 27. function authenticate 28. 29. global $user; 30. 31. if!$user-group'isadmin' 32. header"Location: login.php"; 33...

Traq 'authenticate()' Function RCE Vulnerability

Traq is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-201110-01 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201110-01 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could cause a Denial of...

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...

CVE-2010-2944

The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges...