10 matches found
EUVD-2006-6899
Malware in sbrugna...
CVE-2006-6916
Getahead Direct Web Remoting DWR before 1.1.3 allows attackers to cause a denial of service infinite loop via unknown vectors related to "crafted input."...
GHSA-HG5P-233H-C7FH Direct Web Remoting vulnerable to Denial of Service
Getahead Direct Web Remoting DWR before 1.1.4 allows attackers to cause a denial of service memory exhaustion and servlet outage via unknown vectors related to a large number of calls in a batch...
Incorrect Authorization in Getahead Direct Web Remoting
Getahead Direct Web Remoting DWR before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...
Design/Logic Flaw
The Getahead Direct Web Remoting DWR framework 1.1.4 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
Cross site request forgery (csrf)
Getahead Direct Web Remoting DWR before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks...
CVE-2007-0185
Getahead Direct Web Remoting DWR before 1.1.4 allows attackers to cause a denial of service memory exhaustion and servlet outage via unknown vectors related to a large number of calls in a batch...
CVE-2006-6916
CVE-2006-6916 affects Getahead Direct Web Remoting (DWR) prior to 1.1.3. The provided connected Red Hat entry corroborates that attackers can cause a denial of service (infinite loop) via crafted input. The exact root cause, vulnerable component(s) within DWR, affected versions beyond the stated ...
CVE-2007-0185
DWR (Getahead Direct Web Remoting) before version 1.1.4 is vulnerable to denial of service due to memory exhaustion triggered by a large number of batched calls; the specific vectors are not detailed in the provided documents. No remediation details are present here.
CVE-2007-0184
CVE-2007-0184 concerns Getahead Direct Web Remoting (DWR) prior to 1.1.4. A crafted request can bypass include/exclude checks and enable unauthorized access to public methods, indicating an authorization bypass vulnerability . The connected documents reference this CVE across multiple advisories ...