2306 matches found
Apache Tomcat 5.5.25 Cross Site Request Forgery
Exploit Title : Apache Tomcat 5.5.25 CSRF Vulnerabilities Date : 10-24-2013 Author : Ivano Binetti http://ivanobinetti.com Author : Gianmarco Pirozzi...
Apache Tomcat 5.5.25 - Cross-Site Request Forgery
Apache Tomcat 5.5.25 - Cross-Site Request Forgery Exploit Title : Apache Tomcat 5.5.25 CSRF Vulnerabilities Date : 10-24-2013 Author : Ivano Binetti...
Apache Tomcat 5.5.25 - Cross-Site Request Forgery
Exploit Title : Apache Tomcat 5.5.25 CSRF Vulnerabilities Date : 10-24-2013 Author : Ivano Binetti http://ivanobinetti.com Author : Gianmarco Pirozzi...
Honeywell HscRemoteDeploy.dll ActiveX Control vulnerability
Added: 04/19/2013 CVE: CVE-2013-0108 BID: 58134 OSVDB: 90583 Background Honeywell offers software solutions which integrate different systems and devices such as HVAC, security, safety, lighting, and energy into a common platform. Problem A vulnerability in multiple Honeywell products allows...
rhev: vds_installer is prone to MITM when downloading 2nd stage installer
The vdsinstaller in Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vdsbootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via...
Mandriva Linux Security Advisory : busybox (MDVSA-2012:129-1)
Multiple vulnerabilities were found and corrected in busybox : The decompress function in ncompress allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow (CVE-2006-1168). A missing DHCP option checking /...
Mandriva Update for busybox MDVSA-2012:129 (busybox)
Check for the Version of busybox OpenVAS Vulnerability Test Mandriva Update for busybox MDVSA-2012:129 busybox Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mandriva Update for busybox MDVSA-2012:129-1 (busybox)
Check for the Version of busybox OpenVAS Vulnerability Test Mandriva Update for busybox MDVSA-2012:129-1 busybox Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Astaro Command Center v2.x - Multiple Web Vulnerabilities
Title: Astaro Command Center v2.x - Multiple Web Vulnerabilities Date: 2012-04-03 References: http://www.vulnerability-lab.com/getcontent.php?id=4 VL-ID: 4 Introduction: We are pleased to announce the General Availability of the Astaro Command Center...
[SECURITY] Fedora 17 Update: python-paste-script-1.7.5-4.fc17
Paster is a pluggable command-line frontend, including commands to set up package file layouts. Built-in features: Creating file layouts for packages. For instance a setuptools-ready file layout. Serving up web applications, with configuration based on paste.deploy...
[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy
CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be...
Null pointer dereference
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference...
Directory traversal
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service...
CVE-2008-1410
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service...
CVE-2008-1411
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference...
CVE-2008-1411
The CVE-2008-1411 entry affects the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier. The issue is a denial of service (crash) caused by an incomplete TFTP request that triggers a NULL pointer dereference in the PXE server. This is the explicit vulnerability described in the ...
CVE-2008-1410
CVE-2008-1410 affects Acronis Snap Deploy 2.0.0.1076 and earlier, where the PXE Server (pxesrv.exe) is vulnerable to directory traversal via the TFTP service. This allows remote attackers to read arbitrary files from the affected system. The vulnerability is documented with a CVSSv2 base score of...
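Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of Service Vulnerabilities
BUGTRAQ ID: 28182 CNCAN ID: CNCAN-2008031101 Acronis PXE Server is a component of the Acronis Snap Deploy server, used for configuration management. Acronis PXE Server does not correctly handle user-submitted requests; remote attackers can exploit the vulnerabilities to carry out denial of service or directory traversal attacks against the application. The TFTP server implemented by the PXE Server pxesrv.exe lacks filtering of "../" directory characters, which can lead to directory traversal and allows system file contents to be viewed with the application's privileges. An incomplete TFTP request can cause a NULL pointer access and crash the system. Acronis Snap Deploy 2.0.0.1076...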