549 matches found
CVE-2007-0184
Getahead Direct Web Remoting DWR before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...
CVE-2006-6916
Getahead Direct Web Remoting DWR before 1.1.3 allows attackers to cause a denial of service infinite loop via unknown vectors related to "crafted input."...
CVE-2007-0185
Getahead Direct Web Remoting DWR before 1.1.4 allows attackers to cause a denial of service memory exhaustion and servlet outage via unknown vectors related to a large number of calls in a batch...
CVE-2007-0185
DWR (Getahead Direct Web Remoting) before version 1.1.4 is vulnerable to denial of service due to memory exhaustion triggered by a large number of batched calls; the specific vectors are not detailed in the provided documents. No remediation details are present here.
CVE-2007-0184
CVE-2007-0184 concerns Getahead Direct Web Remoting (DWR) prior to 1.1.4. A crafted request can bypass include/exclude checks and enable unauthorized access to public methods, indicating an authorization bypass vulnerability . The connected documents reference this CVE across multiple advisories ...
CVE-2006-6916
CVE-2006-6916 affects Getahead Direct Web Remoting (DWR) prior to 1.1.3. The provided connected Red Hat entry corroborates that attackers can cause a denial of service (infinite loop) via crafted input. The exact root cause, vulnerable component(s) within DWR, affected versions beyond the stated ...
Hacking AJAX DWR Applications
By Guy Karlebach & Amichai Shulman Introduction The introduction of AJAX into a web application improves the user experience significantly. However, the complexity of some AJAX frameworks and the limited field experience with them requires a careful examination of potential vulnerabilities. DWR i...
DWR protection bypass
Protection againsts functions access is implemented in client side...
CVE-2006-6916
Getahead Direct Web Remoting DWR before 1.1.3 allows attackers to cause a denial of service infinite loop via unknown vectors related to "crafted input."...