Lucene search
K

5 matches found

seebug.org
seebug.org
added 2010/04/02 12:0 a.m.34 views

ZABBIX<= 1.8.1 DBcondition函数SQL注入漏洞

BUGTRAQ ID: 39148 CVE ID: CVE-2010-0686 zabbix是一个CS结构的分布式网络监控系统。 Zabbix API使用了include/db.inc.php中定义的DBcondition函数来执行SQL查询中WHERE子句的条件。该函数没有对用户提供数据提供额外的检查: function DBcondition$fieldname, &$array, $notin=false, $string=false global $DB; $condition = ''; ---cut--- $in = $notin?' NOT IN ':' IN ';...

7.5CVSS6.4AI score0.02177EPSS
Exploits2
seebug.org
seebug.org
added 2010/04/02 12:0 a.m.31 views

VMware WebAccess URL转发安全漏洞

BUGTRAQ ID: 39103 CVE ID: CVE-2010-0686 VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 VMWare的WebAccess组件没有充分地验证用户所提供的输入,允许将入站请求转发到其他目的地。所转发的目标无法看到请求URL的真实来源,只能看到运行WebAccess的机器地址。攻击者可以利用这个转发漏洞伪造源址定向服务器上通讯。 VMWare Server 2.0 VMWare VirtualCenter 2.5 VMWare VirtualCenter 2.0.2 VMWare ESX 3.5...

7.5CVSS6.4AI score0.02177EPSS
Exploits2
Cvelist
Cvelist
added 2010/04/01 7:0 p.m.25 views

CVE-2010-0686

WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."...

6.5AI score0.02177EPSS
Exploits2References4
CVE
CVE
added 2010/04/01 7:0 p.m.68 views

CVE-2010-0686

Summary: CVE-2010-0686 concerns VMware WebAccess in VMware VirtualCenter (2.0.2/2.5), VMware Server 2.0, and VMware ESX (3.0.3/3.5). The issue is a URL forwarding vulnerability where the WebAccess proxy functionality does not properly validate/limit inbound requests, allowing an attacker to spoof...

7.5CVSS6.5AI score0.02177EPSS
Exploits2References4Affected Software1
securityvulns
securityvulns
added 2010/03/31 12:0 a.m.100 views

VMSA-2010-0005 VMware products address vulnerabilities in WebAccess

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0005 Synopsis: VMware products address vulnerabilities in WebAccess Issue date: 2010-03-29 Updated on: 2010-03-29 initial releas...

7.5CVSS7AI score0.02399EPSS
Exploits2
Rows per page
Query Builder