Lucene search

3627 matches found

exploitpack
added 2009/06/15 12:00 a.m. | 17 views

NETGEAR DG632 Router - Remote Denial of Service

NETGEAR DG632 Router - Remote Denial of Service
Product Name: Netgear DG632 Router
Vendor: http://www.netgear.com
Date: 15 June, 2009
Author: [email protected]
Original URL: http://www.tomneaves.co.uk/NetgearDG632RemoteDoS.txt
Discovered: 18 November, 2006
Disclosed: 15 June, 2009
I. DESCRIPTIO...

0.1 AI score
Exploits: 0

seebug.org
added 2009/05/06 12:00 a.m. | 43 views

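IceWarp WebMail Password Retrieval Function Input Validation Vulnerability

BUGTRAQ ID: 34827 CVECAN ID: CVE-2009-1469 Merak Email Server is a comprehensive mail solution for office LAN or Internet communication. The WebMail module of the Merak mail server provides a "forgot password" retrieval function on the login page: users who have forgotten their login password can submit their e-mail address to the mail server there, after which the server checks whether the address exists in the system and sends the corresponding user password back to that address. When the submit button on the Forgot Password page is clicked, the HTTP POST request that is sent contains a payload similar to the following:...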

4.3 CVSS | 6.5 AI score | 0.05633 EPSS
Exploits: 3

Packet Storm
added 2009/05/05 12:00 a.m. | 17 views

eLitius 1.0 Command Execution

7.4 AI score
Exploits: 0

securityvulns
added 2009/05/05 12:00 a.m. | 74 views

[RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component

Advisory: IceWarp WebMail Server: SQL Injection in Groupware Component During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in the IceWarp WebMail Server. Attackers that are in control of a user account for the web-based email and groupware components are able to execut...

6.5 CVSS | 7.7 AI score | 0.00302 EPSS
Exploits: 2

Packet Storm
added 2009/05/05 12:00 a.m. | 93 views

IceWarp WebMail SQL Injection

Advisory: IceWarp WebMail Server: SQL Injection in Groupware Component During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in the IceWarp WebMail Server. Attackers that are in control of a user account for the web-based email and groupware components are able to execut...

6.5 CVSS | 0.1 AI score | 0.00302 EPSS
Exploits: 2

NVD
added 2009/04/15 10:30 a.m. | 12 views

CVE-2009-0993

Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable...

7.5 CVSS | 6.8 AI score | 0.1129 EPSS
Exploits: 1 | References: 8

Prion
added 2009/04/15 10:30 a.m. | 11 views

Format string

Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable...

7.5 CVSS | 7.4 AI score | 0.1129 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

Cvelist
added 2009/04/15 10:00 a.m. | 17 views

CVE-2009-0993

Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable...

6.8 AI score | 0.1129 EPSS
Exploits: 1 | References: 8

securityvulns
added 2009/03/20 12:00 a.m. | 16 views

Breach Security ModSecurity for Apache DoS

Module hangs on incomplete HTTP POST multipart/form-data request...

0.2 AI score
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2009/03/04 5:30 p.m. | 16 views

CVE-2008-6395

The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request...

7.8 CVSS | 6.6 AI score | 0.00753 EPSS
Exploits: 0 | References: 5

Prion
added 2009/03/04 5:30 p.m. | 17 views

Cross site request forgery (csrf)

The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request...

7.8 CVSS | 7.1 AI score | 0.00753 EPSS
Exploits: 0 | References: 5

Cvelist
added 2009/03/04 5:00 p.m. | 20 views

CVE-2008-6395

The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request...

6.6 AI score | 0.00753 EPSS
Exploits: 0 | References: 5

NVD
added 2009/02/06 7:30 p.m. | 11 views

CVE-2002-2428

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data...

5 CVSS | 6.7 AI score | 0.00436 EPSS
Exploits: 0 | References: 1

Cvelist
added 2009/02/06 7:00 p.m. | 19 views

CVE-2002-2428

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data...

6.7 AI score | 0.00436 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2009/02/04 8:59 a.m. | 1 view

Firefox directives to not cache pages ignored

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an...

3.3 CVSS | 7.4 AI score | 0.00192 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2009/01/22 12:00 a.m. | 25 views

KTorrent PHP Code Injection And Security Bypass Vulnerability

KTorrent is prone to a security bypass vulnerability.

6.3 AI score
Exploits: 0 | References: 4

Prion
added 2009/01/15 5:30 p.m. | 10 views

Cross site request forgery (csrf)

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

4.3 CVSS | 6.9 AI score | 0.00117 EPSS
Exploits: 0 | References: 13 | Affected Software: 1

NVD
added 2009/01/15 5:30 p.m. | 14 views

CVE-2008-5905

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

4.3 CVSS | 6.6 AI score | 0.00117 EPSS
Exploits: 0 | References: 13

OSV
added 2009/01/15 5:30 p.m. | 5 views

CVE-2008-5905

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

6.9 AI score
Exploits: 0 | References: 13

CVE
added 2009/01/15 5:00 p.m. | 56 views

CVE-2008-5905

KTorrent (KDE BitTorrent client) is affected by CVE-2008-5905 and CVE-2008-5906 via the web interface plugin prior to 3.1.4. The vulnerability arises from an unauthenticated web interface that does not restrict access to torrent upload and does not properly sanitize request parameters, enabling r...

4.3 CVSS | 6.6 AI score | 0.00117 EPSS
Exploits: 0 | References: 13 | Affected Software: 1