774 matches found
CVE-2008-4242
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web...
Cross site request forgery (csrf)
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests...
apache -- multiple vulnerabilities
Apache HTTP server project reports: The following potential security flaws are addressed: CVE-2008-2364: mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. CVE-2007-6420:...
CVE-2008-1106
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site...
[SECURITY] [DSA 1534-2] New iceape packages fix regression
Debian Security Advisory DSA-1534-2 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 24, 2008 http://www.debian.org/security/faq ...
Debian: Security Advisory (DSA-1553-1)
The remote host is missing an update for the Debian...
CVE-2008-1654
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primar...
Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities
Airscanner Mobile Security Advisory 07122001: Eye-Fi Solution Multiple Vulnerabilities Product: Eye-Fi 1.1.2 Platform: NA Requirements: NA Credits: Seth Fogie Airscanner Mobile Security http://www.airscanner.com December 20, 2007 Risk Level: Medium - Spoofed image injection, redirection of upload...
SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 2545)
The Adobe Acrobat Reader Japanese version has been updated to version 7.0.9. This update also includes the following security fixes: - A memory corruption problem was fixed in Adobe Acrobat Reader that can potentially lead to code execution. (CVE-2006-5857) - Universal cross-site request forgery (CSRF)...
Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device
Calyptix Security Advisory CX-2007-04 Cross-Site Request Forgery Attack Against Check Point Safe@Office Device Date: 06/26/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-04.php http://labs.calyptix.com/CX-2007-04.txt Overview Multiple versions of Check Point's Safe@Office UTM devi...
CVE-2007-1520
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks...
Cross site request forgery (csrf)
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks...
Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin
Rapid7 Advisory R7-0026 HTTP Header Injection Vulnerabilities in the Flash Player Plugin Published: Oct 17, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0026.jsp 1. Affected Systems: KNOWN VULNERABLE: o Flash Player plugin 9.0.16 for Windows o Flash Player plugin 7.0.63 for Linux PROBAB...
phpBB2.0.19.txt
Original Source: http://securityreason.com/achievementsecurityalert/31 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin Author: Maksymilian Arciemowicz cXIb8O3 Date: 3.2.2006 from SecurityReason.Com CVE-2006-0437 for the XSS issues CVE-2006-0438...