CVE-2010-4590
Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header...
Design/Logic Flaw
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a...
Design/Logic Flaw
The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service...
CVE-2010-4591
The CVE-2010-4591 entry concerns IBM Lotus Mobile Connect (LMC).
CVE-2010-4592
The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service...
CVE-2010-4590
CVE-2010-4590 describes a Cross-site scripting (XSS) vulnerability in the HTTP Access Services (HTTP-AS) component of IBM Lotus Mobile Connect (LMC) prior to version 6.1.4. The flaw affects the Connection Manager and allows remote attackers to inject arbitrary web script or HTML via unspecified v...
CVE-2010-4592
The CVE-2010-4592 issue affects IBM Lotus Mobile Connect (Connection Manager) prior to version 6.1.4 when HTTP Access Services is enabled. The vulnerability stems from improper handling of failed HTTP-TCP session establishment, which allows remote attackers to trigger memory consumption leading t...
CVE-2009-4151
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a relate...
Pixaria Gallery 2.3.5 - 'file' Remote File Disclosure
<?php ini_set("max_execution_time",0); print_r(' [ASCII-art banner: Pixaria Gallery 2.3.5, Remote File Disclosure, http://pixaria.com, By Qabandi, From Kuwait,...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
Barracuda Arbitrary File Disclosure + Command Execution
Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair Credits: Matthew Hall Update: 07 August 2006 Updated by: PATz...
Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution (extra)
No description provided by source. Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair Credits: Matthew Hall...
Cisco Access Point Web Browser Interface contains a vulnerability
Overview A vulnerability in the HTTP management interface for some configurations of Cisco wireless access points could allow a remote attacker to take complete control over the affected device. Description Cisco wireless access points allow administrators to create more than one set of...
FreeBSD: awstats -- arbitrary code execution vulnerability (e86fbb5f-0d04-11da-bc08-0001020eed82)
An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part...
CVE-2006-0515
Cisco PIX/ASA 7.1.x before 7.12 and 7.0.x before 7.05, PIX 6.3.x before 6.3.5112, and FWSM 2.3.x before 2.34 and 3.x before 3.17, when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which...
Authentication flaw
Cisco PIX/ASA 7.1.x before 7.12 and 7.0.x before 7.05, PIX 6.3.x before 6.3.5112, and FWSM 2.3.x before 2.34 and 3.x before 3.17, when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which...