1859 matches found
CVE-2010-4590
CVE-2010-4590 describes a Cross-site scripting (XSS) vulnerability in the HTTP Access Services (HTTP-AS) component of IBM Lotus Mobile Connect (LMC) prior to version 6.1.4. The flaw affects the Connection Manager and allows remote attackers to inject arbitrary web script or HTML via unspecified v...
CVE-2009-4151
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a relate...
Pixaria Gallery 2.3.5 - 'file' Remote File Disclosure
?php iniset"maxexecutiontime",0; printr' || || | || o,7 || . o7 || q||| o///, : / / . /QQQQQQQQQQQQQQQQQQQ\ q Pixaria Gallery 2.3.5 /QQQ/\QQQ\ Remote File Disclosure /QQQQQ/ \QQQQQQ\ q GET 3 /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ q http://pixaria.com |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait,...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
Barracuda Arbitrary File Disclosure + Command Execution
Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair Credits: Matthew Hall Update: 07 August 2006 Updated by: PATz...
Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution (extra)
No description provided by source. Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair Credits: Matthew Hall...
Cisco Access Point Web Browser Interface contains a vulnerability
Overview A vulnerability in the HTTP management interface for some configurations of Cisco wireless access points could allow a remote attacker to take complete control over the affected device. Description Cisco wireless access points allow administrators to create more than one set of...
FreeBSD : awstats -- arbitrary code execution vulnerability (e86fbb5f-0d04-11da-bc08-0001020eed82)
An iDEFENSE Security Advisory reports : Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part...
Authentication flaw
Cisco PIX/ASA 7.1.x before 7.12 and 7.0.x before 7.05, PIX 6.3.x before 6.3.5112, and FWSM 2.3.x before 2.34 and 3.x before 3.17, when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which...
CVE-2006-0515
Cisco PIX/ASA 7.1.x before 7.12 and 7.0.x before 7.05, PIX 6.3.x before 6.3.5112, and FWSM 2.3.x before 2.34 and 3.x before 3.17, when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which...
CVE-2006-0515
Cisco PIX/ASA 7.1.x before 7.12 and 7.0.x before 7.05, PIX 6.3.x before 6.3.5112, and FWSM 2.3.x before 2.34 and 3.x before 3.17, when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which...
Ubuntu 4.10 / 5.04 : squid vulnerability (USN-122-1)
Michael Bhola discovered that errors in the httpaccess configuration, in particular missing or invalid ACLs, did not cause a fatal error. This could lead to wider access permissions than intended by the administrator. Note that Tenable Network Security has extracted the preceding description bloc...
DSA-721-1 squid - design flaw
Bulletin has no description...
Phenoelit Advisory 0815 ++ /+ HP ProCurve
Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +-+- Authors FX [email protected] kim0 [email protected] Zet [email protected] Phenoelit Group http://www.phenoelit.de Advisory http://www.phenoelit.de/stuff/HPProCurve.txt Affected Products Hewlett Packard HP ProCurve Switch Tested on HP J4121A...
Oracle 9iAS Java Process Manager /oprocmgr-status Anonymous Process Manipulation
The remote host is an Oracle 9iAS server. By default, accessing the location /oprocmgr-status via HTTP lets an attacker obtain the list of processes running on the remote host, and even to to start or stop them. %NASLMINLEVEL 70300 This script was written by Matt Moore Script audit and...
CVE-1999-1264
WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled...
CVE-1999-1264
The CVE-1999-1264 entry describes a vulnerability in WebRamp M3 routers where remote access (telnet/HTTP) is not disabled as configured, allowing access to the device despite explicit disablement. The NVD entry lists a CVSS 2.0 base score of 7.5 (HIGH) with network impact across confidentiality, ...
CVE-1999-1264
WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled...