56 matches found
CA ARCserve D2D r15 Credentials Disclosure
Credentials disclosure vulnerability in CA ARCserve Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Mozilla Foundation Security Advisory 2011-50
Mozilla Foundation Security Advisory 2011-50 Title: Cross-origin data theft using canvas and Windows D2D Impact: High Announced: November 8, 2011 Reporter: Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Thunderbird 8.0 Description Mozilla developer Bas Schouten reported that the introductio...
CVE-2011-3649
CVE-2011-3649 affects Mozilla Firefox 7.0 and Thunderbird 7.0 on Windows when using Direct2D with the Azure graphics backend, allowing cross-origin image data to be read via a manipulated canvas (Same Origin Policy bypass). The issue stems from a regression introduced by CVE-2011-2986. According ...
Cross-origin data theft using canvas and Windows D2D — Mozilla
Mozilla developer Bas Schouten reported that the introduction of the "Azure" graphics back-end on Windows in Firefox 7 re-introduced the cross-origin data theft issue reported by nasalislarvatus3000 as described in MFSA 2011-29...
CA ARCserve D2D GWT RPC Request Credentials Disclosure (CVE-2011-3011)
A credentials disclosure vulnerability has been reported in CA ARCserve D2D. The vulnerability is due to an error while processing Google Web Toolkit GWT RPC requests. A remote attacker can exploit this vulnerability by sending a specially crafted RPC request to an affected server. Successful...
Mozilla Thunderbird 5 Multiple Vulnerabilities
Binary data 801266.prm...
Security issues addressed in Firefox 6 — Mozilla
Miscellaneous memory safety hazards rv:4.0 Impact: Critical Description: Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances...
Security issues addressed in Thunderbird 6 — Mozilla
Many of the issues listed below are not exploitable through mail since JavaScript is disabled by default in Thunderbird. These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may...
Security issues addressed in SeaMonkey 2.3 — Mozilla
Miscellaneous memory safety hazards rv:4.0 Impact: Critical Description: Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and w...
CVE-2011-3011
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors...
Design/Logic Flaw
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors...
CVE-2011-3011
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors...
CVE-2011-3011
The CVE-2011-3011 issue affects CA ARCserve D2D r15’s web server, specifically the GWT RPC handling in the homepageServlet. A remote attacker can send a specially crafted GWT RPC request to trigger an information/credentials disclosure, exposing the Windows administrator credentials used by the A...
CA Arcserve D2D GWT RPC Credential Information Disclosure
$Id: caarcserverpcauthbypass.rb 13467 2011-08-01 21:20:29Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CA Arcserve D2D GWT RPC Credential Information Disclosure
This module exploits an information disclosure vulnerability in the CA Arcserve D2D r15 web server. The information disclosure can be triggered by sending a specially crafted RPC request to the homepage servlet. This causes CA Arcserve to disclosure the username and password in cleartext used for...
CA Arcserve D2D GWT RPC Credential Information Disclosure
Exploit for jsp platform in category web applications $Id: caarcserverpcauthbypass.rb 13467 2011-08-01 21:20:29Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informati...
CA Arcserve D2D GWT RPC - Credential Information Disclosure (Metasploit)
$Id: caarcserverpcauthbypass.rb 13467 2011-08-01 21:20:29Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities
CA ARCserver D2D is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Computer Associates ARCserve D2D homepageServlet Servlet Information Disclosure
The installed version of ARCserve D2D, a disk-based backup product from Computer Associates, allows an unauthenticated, remote attacker to discover the username and password used by the affected application. This can be accomplished by sending a specially crafted POST request to the...
Computer Associates ARCserve D2D Detection
The remote web server is part of ARCserve D2D, a disk-based backup product from Computer Associates. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55719; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"Computer Associates ARCserve D2D...