5907 matches found

Exploit DB
added 2012/02/29 12:00 a.m. | 19 views

Netmechanica NetDecision Dashboard Server - Information Disclosure

Title : Netmechanica NetDecision Dashboard Server Information Disclosure Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netmechanica.com Advisory : http://secpod.org/blog/?p=478...

7 AI score
Exploits 0
securityvulns
added 2012/02/22 12:00 a.m. | 101 views

Multiple vulnerabilities in 11in1

Advisory ID: HTB23071 Product: 11in1 Vendor: 11in1 Vulnerable Versions: 1.2.1 stable 12-31-2011 and probably prior Tested Version: 1.2.1 stable 12-31-2011 Vendor Notification: 25 January 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, Cross-Site Request Forgery...

6.8 CVSS | 6.2 AI score | 0.09794 EPSS
Exploits 3
Packet Storm
added 2012/02/16 12:00 a.m. | 60 views

11in1 1.2.1 Stable 12-31-2011 Cross Site Request Forgery / Local File Inclusion

Advisory ID: HTB23071 Product: 11in1 Vendor: 11in1 Vulnerable Versions: 1.2.1 stable 12-31-2011 and probably prior Tested Version: 1.2.1 stable 12-31-2011 Vendor Notification: 25 January 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, Cross-Site Request Forgery...

6.8 CVSS | 6.5 AI score | 0.09794 EPSS
Exploits 3
securityvulns
added 2012/02/13 12:00 a.m. | 87 views

CSRF (Cross-Site Request Forgery) in DClassifieds

Advisory ID: HTB23067 Reference: https://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryindclassifieds.html Product: DClassifieds Vendor: www.dclassifieds.eu http://www.dclassifieds.eu/ Vulnerable Version: 0.1 final and probably prior Tested Version: 0.1 final Vendor Notification: 04 January...

Exploits 0
OpenVAS
added 2012/02/11 12:00 a.m. | 39 views

Debian: Security Advisory (DSA-2358-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 8.3 AI score | 0.96714 EPSS
Exploits 19 | References 5
NVD
added 2012/02/08 9:55 p.m. | 14 views

CVE-2011-5078

The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD 3 and 7.0 before ESD 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP...

6.5 CVSS | 6.5 AI score | 0.01117 EPSS
Exploits 0 | References 2
Prion
added 2012/02/08 9:55 p.m. | 10 views

Authentication flaw

The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD 3 and 7.0 before ESD 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP...

6.5 CVSS | 7 AI score | 0.01117 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2012/02/08 9:00 p.m. | 21 views

CVE-2011-5078

The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD 3 and 7.0 before ESD 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP...

6.5 AI score | 0.01117 EPSS
Exploits 0 | References 2
Prion
added 2012/02/03 8:55 p.m. | 16 views

Default credentials

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account...

10 CVSS | 7.1 AI score | 0.0217 EPSS
Exploits 0 | References 2 | Affected Software 3
Cvelist
added 2012/02/03 8:00 p.m. | 31 views

CVE-2011-4509

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account...

6.5 AI score | 0.0217 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2012/02/02 12:00 a.m. | 27 views

CodeMeter < 4.30.498.504 Virtual Directory Traversal Arbitrary File Access

According to its self-reported version, the CodeMeter WebAdmin server running on the remote host is prior to 4.30d (4.30.498.504). It is, therefore, affected by a directory traversal vulnerability due to a failure to properly sanitize HTTP requests for files in virtual directories. An...

5.9 AI score
Exploits 0 | References 1
htbridge
added 2012/01/25 12:00 a.m. | 46 views

Multiple vulnerabilities in 11in1

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in 11in1, which can be exploited to perform Local File Inclusion and Cross-Site Request Forgery (CSRF) attacks. 1 Local File Inclusion in 11in1: CVE-2012-0996 Input passed via the "class" GET parameter to index.php an...

7.6 CVSS | 6.4 AI score | 0.09794 EPSS
Exploits 3 | Affected Software 1
Saint
added 2012/01/13 12:00 a.m. | 133 views

Splunk Search Jobs Remote Code Execution

Added: 01/13/2012 CVE: CVE-2011-4642 BID: 51061 OSVDB: 77695 Background Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud. Problem Splunk allows users to perform search actions...

4.6 CVSS | 6.9 AI score | 0.28928 EPSS
Exploits 7
Saint
added 2012/01/13 12:00 a.m. | 38 views

Splunk Search Jobs Remote Code Execution

Added: 01/13/2012 CVE: CVE-2011-4642 BID: 51061 OSVDB: 77695 Background Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud. Problem Splunk allows users to perform search actions...

4.6 CVSS | 6.9 AI score | 0.28928 EPSS
Exploits 7
Tenable Nessus
added 2012/01/11 12:00 a.m. | 35 views

Fedora 16 : ruby-1.8.7.357-1.fc16 (2011-17542)

A security flaw was found on the previous ruby that with some series of strings which was specially crafted to intentionally collide their hash values with each other, rails applications may fall into denial of services when such strings are used in HTTP requests CVE-2011-4815. This new ruby will...

7.8 CVSS | 7.4 AI score | 0.04246 EPSS
Exploits 2 | References 3
htbridge
added 2012/01/04 12:00 a.m. | 59 views

CSRF (Cross-Site Request Forgery) in DClassifieds

High-Tech Bridge SA Security Research Lab has discovered vulnerability in DClassifieds, which can be exploited to perform Cross-Site Request Forgery (CSRF) attacks. 1 Cross-site request forgery (CSRF) in DClassifieds: CVE-2012-0990 The application allows authorized users to perform certain actions vi...

5.1 CVSS | 6.8 AI score | 0.00951 EPSS
Exploits 1 | Affected Software 1
NVD
added 2011/12/27 6:55 p.m. | 18 views

CVE-2009-5111

GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

5 CVSS | 6.5 AI score | 0.01218 EPSS
Exploits 0 | References 1
NVD
added 2011/12/27 6:55 p.m. | 21 views

CVE-2009-5110

dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

5 CVSS | 6.5 AI score | 0.01276 EPSS
Exploits 0 | References 1
Prion
added 2011/12/27 6:55 p.m. | 13 views

Design/Logic Flaw

GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

5 CVSS | 7 AI score | 0.01218 EPSS
Exploits 0 | References 1
UbuntuCve
added 2011/12/27 6:55 p.m. | 21 views

CVE-2009-5110

dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

5 CVSS | 5.9 AI score | 0.01276 EPSS
Exploits 0 | References 2