6646 matches found
Authentication flaw
The Web management interface in Avaya SIP Enablement Services SES 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the...
CVE-2008-6707
The Web management interface in Avaya SIP Enablement Services SES 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the...
CVE-2008-6707
CVE-2008-6707 affects Avaya SIP Enablement Services (SES) 3.x and 4.0 when used with Avaya Communication Manager 3.1.x. The issue is that the web management interface does not perform authentication for several functions, allowing remote attackers to access restricted functionality and obtain sen...
Mandriva Update for clamav MDKSA-2007:098 (clamav)
Check for the Version of clamav OpenVAS Vulnerability Test Mandriva Update for clamav MDKSA-2007:098 clamav Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
Mandriva Update for jackit MDVA-2008:200 (jackit)
Check for the Version of jackit OpenVAS Vulnerability Test Mandriva Update for jackit MDVA-2008:200 jackit Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Mandriva Update for silc-toolkit MDVA-2008:051 (silc-toolkit)
Check for the Version of silc-toolkit OpenVAS Vulnerability Test Mandriva Update for silc-toolkit MDVA-2008:051 silc-toolkit Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CVE-2008-6673
CVE-2008-6673 affects QuickerSite 1.8.5. The issue is an improper access restriction on admin functionality, allowing remote attackers to perform admin actions via unauthenticated requests: (1) change the admin password through cSaveAdminPW, (2) modify site information such as the contact address...
Flash drive/CD autoplay command execution
Added: 04/07/2009 Background This tool allows you to create a USB flash drive which, when inserted into a Windows computer, prompts a user to run a program which creates a command connection. The program is disguised as the "Open Folder" option in the AutoPlay dialog to entice the user to run it...
New vulnerabilities in Power Phlogger
Hello 3APA3A! I am reporting new Information Leakage, Insufficient Anti-automation and Insufficient Authentication vulnerabilities that I found in Power Phlogger. Information Leakage: In the counter script pphlogger.js, or in the code that calls the script from the system's server, in the id parameter, on the site...
CVE-2009-0787
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory...
Vulnerabilities in Invision Power Board
Hello 3APA3A! I am reporting Abuse of Functionality and Insufficient Anti-automation vulnerabilities that I found in the Invision Power Board forum engine. Abuse of Functionality: I have long known that logins can be determined on the forum - the username on the forum is at the same time...
Should Microsoft be in the security business?
Gartner security analyst Neil MacDonald thinks there are five levels to the discussion (gartner.com) about whether Microsoft should be in the security business. They include secure coding (obviously), secure functionality in the platform at no cost (of course), add-on security products at a fee (maybe a...
Microsoft spars with researcher over security patch
One of the patches released by Microsoft last week is not providing protection against the vulnerability it was meant to fix, according to a researcher who today accused Microsoft of making functionality a higher priority than security. According to Tyler Reguly, a senior security engineer at...
New vulnerabilities in Power Phlogger
Hello 3APA3A! I am reporting new Abuse of Functionality and Denial of Service vulnerabilities that I found in Power Phlogger. Abuse of Functionality: A vulnerability in the password recovery (new password creation) system http://site/dspNewPw.php. Knowing the "Username" or "e-mail" id, which is...
A common situation is back to execute the xp_cmdshell-vulnerability warning-the black bar safety net
Common case resume execution of xp_cmdshell. 1 could not find stored procedure 'master..xp_cmdshell'. Recovery method: query separator connected, The first step to perform: EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll' declare @o int The second step execution: sp_addextendedproc 'xp_cmdshell'...
Fedora Update for xfce4-places-plugin FEDORA-2007-4368
Check for the Version of xfce4-places-plugin OpenVAS Vulnerability Test Fedora Update for xfce4-places-plugin FEDORA-2007-4368 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...
cryptsetup functionality problem
It's impossible to delete keyslot while using key from same keyslot...
Unfixed XSS vulnerability at www.rtsbanana.com
Security researcher Skyr3x submitted on 02/07/2009 a cross-site-scripting (XSS) vulnerability affecting www.rtsbanana.com, which at the time of submission ranked 6923737 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/12/2011. It is...
CVE-2008-6015
Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...