809 matches found
Oracle Fusion Middleware 10.1.210.1.3 - BPEL Console Cross-Site Scripting
Oracle Fusion Middleware 10.1.210.1.3 - BPEL Console Cross-Site Scripting source: https://www.securityfocus.com/bid/43954/info Oracle Fusion Middleware is prone to a cross-site scripting vulnerability in BPEL Console. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to...
Motorito Cross Site Scripting / SQL Injection
============================================= INTERNET SECURITY AUDITORS ALERT 2010-005 - Original release date: March 30th, 2010 - Last revised: September 23th, 2010 - Discovered by: Mario Diaz Caldera - Severity: 5.5/10 CVSS Base Score ============================================= I...
Fedora Update for sblim-sfcb FEDORA-2010-10323
Check for the Version of sblim-sfcb OpenVAS Vulnerability Test Fedora Update for sblim-sfcb FEDORA-2010-10323 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
RedHat Update for lftp RHSA-2010:0585-01
Check for the Version of lftp OpenVAS Vulnerability Test RedHat Update for lftp RHSA-2010:0585-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
File Sharing Wizard 'HEAD' Command Remote Buffer Overflow Vulnerability
File Sharing Wizard is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...
Oracle WebLogic Server Encoded URL Remote Vulnerability
Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges. This vulnerability affects the following supported versions: 7. SP7,...
Oracle WebLogic Server 10.3.3 - Encoded URL
Oracle WebLogic Server 10.3.3 - Encoded URL source: https://www.securityfocus.com/bid/41620/info Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and I...
Oracle WebLogic Server 10.3.3 - Encoded URL
source: https://www.securityfocus.com/bid/41620/info Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges. This vulnerabili...
Microsoft IIS 5.0 - IDQ Path Overflow (MS01-033) (Metasploit)
$Id: ms01033idq.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Wing FTP Server Information Disclosure Vulnerabilities
No description provided by source. Some vulnerabilities have been reported in Wing FTP Server, which can be exploited by malicious users and malicious people to disclose potentially sensitive information. 1) Input passed to the Web Client is not properly sanitised before being used. This can be...
Oracle Java System Directory Server Multiple Remote Vulnerabilities
Oracle Java System Directory Server is prone to multiple remote vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Practical Web Security testing of HTTP truncated smuggling vulnerability-vulnerability warning-the black bar safety net
In this article, we introduce the reader in detail to security testing techniques for HTTP truncation and HTTP smuggling attacks. We will demonstrate by example how to use certain properties of the HTTP protocol, weaknesses in Web applications, or different proxies for HTTP messages of...
Cross-site scripting cookie theft
Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the <script> tag and handle them accordingly. Problem By sending an HTTP request...
Sun Java System Web Server WebDAV OPTIONS request buffer overflow
Added: 02/05/2010 CVE: CVE-2010-0361 BID: 37874 OSVDB: 61851 Background Sun Java System Web Server is a web application server. WebDAV (Web-based Distributed Authoring and Versioning) is an extension to the HTTP protocol which allows users to edit web server content. Problem A buffer overflow...
QuickTime Streaming Server parse_xml.cgi Remote Execution
$Id: qtssparsexmlexec.rb 7776 2009-12-09 15:13:35Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
[SECURITY] Fedora 11 Update: wget-1.12-2.fc11
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...
Microsoft ISA Server HTTP Content Header (MS05-034; CVE-2005-1215)
The Microsoft Internet Security and Acceleration (ISA) Server is a firewall and web proxy caching server. While relaying client requests to upstream servers, ISA will keep a copy of the returned content in its cache. When unchanged resources are later requested by web clients, the content is served...
Sybase EAServer WebConsole Buffer Overflow (CVE-2005-2297)
Sybase EAServer is a web service application server suite. The software provides a web-based management console to allow a remote user using a web browser to perform database administration tasks. The communication between the client and the web-based management console is encapsulated in the HTT...
SSL renegotiation attacks detailed explanation-vulnerability warning-the black bar safety net
Readers who are comfortable with English can read the original on my English blog. The attack uses the SSL protocol renegotiation vulnerability, which allows a man-in-the-middle attacker to insert arbitrary chosen plaintext into the initial portion of the communication. The following assuming you on t...