3630 matches found
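IBM Netezza Performance Portal User Authentication Credential Management Bypass Vulnerability
CVE ID: CVE-2013-6731 The IBM Netezza data warehouse appliance integrates storage, processing, database and analytics into a single high-performance data warehouse appliance, making advanced analytics on big data simpler, faster and easier to use. IBM Netezza Performance Portal does not properly restrict access to authentication credential management, allowing an attacker to exploit the vulnerability to change other users' passwords via a specially crafted HTTP POST request. 0 IBM Netezza Performance Portal 2.0 IBM Netezza Performance Portal 2.0.0.1 IBM Netezza Performance Portal 2.0.0.2 Vendor patch: IBM...
Dell GoAhead Web Server Login Page Form Denial of Service Vulnerability
BUGTRAQ ID: 65075 CVECAN ID: CVE-2013-3606 Dell GoAhead Web Server is an embedded web server. Dell GoAhead Web Server has a security vulnerability when handling a specially crafted HTTP POST request whose username is longer than 16 characters; an unauthenticated remote attacker can exploit this vulnerability to make the affected switch unresponsive. 0 Dell GoAhead Web Server The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.dell.com/support/drivers/us/en/...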
[SECURITY] Fedora 19 Update: curl-7.29.0-13.fc19
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2013-6492
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request...
Authentication flaw
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request...
PT-2025-31542 · Linksys · Linksys Wrt120N
Name of the Vulnerable Software and Affected Versions: Linksys WRT120N wireless routers affected versions not specified Description: A stack-based buffer overflow exists in the tmUnblock.cgi endpoint of Linksys WRT120N wireless routers. The issue occurs when processing the TM Block URL parameter...
piranha: web UI authentication bypass using POST requests
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request...
Geeklog Calendar Plugin Cross Site Scripting Vulnerability
Geeklog is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross-Site Scripting (XSS) in Ilch CMS
High-Tech Bridge Security Research Lab discovered vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users and administrators of vulnerable application. 1 Cross-Site Scripting (XSS) in Ilch CMS: CVE-2014-1944 The vulnerability exists due to...
SQL Injection in doorGets CMS
Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Public Disclosure: February 5, 2014...
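NetGear WNR1000 Password Recovery Credential Disclosure Vulnerability
NetGear WNR1000 is a wireless router product. NetGear WNR1000 version 3 (firmware versions 1.0.2.6060.0.86 and 1.0.2.5460.0.82NA) contains an error in handling password recovery requests; a local attacker can exploit this vulnerability to obtain administrator credentials by sending a specially crafted HTTP POST request to passwordrecovered.cgi. 0 Netgear WNR1000 3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...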
Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in VideoWhisper Live Streaming Integration, which can be exploited to execute arbitrary code on the target system, gain access to potentially sensitive data, perform Cross-Site Scripting (XSS) attacks against users of...
Collabtive 1.x Multiple vulnerabilities
The vulnerability allows a remote user to execute arbitrary SQL commands in the application's database. 1. The vulnerability exists due to insufficient sanitization of input data in the HTTP POST parameter "name" in managetask.php, managemilestone.php and manageproject.php when "action" is set to "edit"...
SQL Injection in doorGets CMS
High-Tech Bridge Security Research Lab discovered vulnerability in doorGets CMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in doorGets CMS: CVE-2014-1459 The vulnerability exists due to insufficient validation of "positiondownid" HTTP POST parameter passed to...
Cisco WAAS Mobile Server < 3.5.5 Remote Code Execution
The remote host has a version of Cisco WAAS Mobile Server prior to version 3.5.5. It is, therefore, affected by a remote code execution vulnerability that can be triggered via a specially crafted HTTP POST request with a directory traversal string to the ReportReceiver. (C) Tenable Network Security...
Synology DiskStation Manager arbitrary file modification
Overview Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges. Description CWE-284: Improper Access Control - CVE-2013-6955 Synology DiskStation Manager...
Cross-Site Scripting (XSS) in Komento Joomla Extension
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Komento Joomla Extension, which can be exploited to perform script insertion attacks. 1 Cross-Site Scripting (XSS) in Komento Joomla Extension: CVE-2014-0793 1.1 The vulnerability exists due to insufficient sanitisation of...
CVE-2013-5220
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service device crash via crafted HTTP POST data...
Code injection
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service device crash via crafted HTTP POST data...