Trend Micro OfficeScan Multiple CGI Modules Form Processing Buffer Overflow (CVE-2008-3862)

Trend Micro OfficeScan is a centralized virus and security scan management system. It is meant to consolidate the coordination of security scan actions and the management of Trend Micro virus scanner products installed on nodes of an enterprise network. The product is a central command center for...

HP OpenView Network Node Manager CGI programs HTTP Request Buffer Overflow (CVE-2007-6204; CVE-2008-0067)

HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes hundreds of optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow...

Ipswitch WhatsUp Small Business Application Suite Directory Traversal (CVE-2005-1939)

The Ipswitch WhatsUp Small Business product is an application suite which provides monitoring and protection services for a small network. The program allows a network to be mapped, devices monitored, and failures to be detected. A directory traversal vulnerability exists in the Ipswitch Whatsup...

PHP vulnerability full solution-vulnerability warning-the black bar safety net

PHP web page security issues For PHP website mainly exist the following types of attacks: 1. Command injectionCommand Injection 2. eval injectionEval Injection 3. Client scripting attacksScript Insertion 4. Cross-site scripting attacksCross Site Scripting, XSS 5. SQL injectionattacksSQL injection...

Trend Micro OfficeScan CGI Password Decryption Buffer Overflow (CVE-2008-1365)

Trend Micro OfficeScan is a centralized virus and security scan management system. It is meant to consolidate the coordination of security scan actions and the management of Trend Micro virus scanner products installed on the nodes of an enterprise network. The product is a central command centre...

3Com Network Supervisor Directory Traversal (CVE-2005-2020)

The 3Com Network Supervisor is a network management application that discovers, maps, and displays network links and IP devices. It monitors devices and connections for stress levels, set thresholds and various network events. The product is also capable of generating reports in various formats. ...

Update Protection against HP Power Manager Remote Code Execution

A remote code execution vulnerability exists within HP Power Manager, a web-based application for managing a HP Uninterruptible Power System UPS. The vulnerability is due to insufficient bounds checking in the HP Power Manager while processing URL parameters in the login form of the web based...

Novell eDirectory MS-DOS Device Name Denial of Service (CVE-2005-1729)

Novell eDirectory is a Lightweight Directory Access Protocol LDAP server intended for use as a part of an identity management solution. The product is made available for multiple platforms including NetWare, Unix-like systems, and Windows. The product includes a web server component that is used...

Update Protection against Novell eDirectory dhost Buffer Overflow

A remote code execution vulnerability has been reported in Novell eDirectory. Novell eDirectory is a Lightweight Directory Access Protocol LDAP server, intended for use as a part of an identity management solution.The vulnerability is due to a buffer overflow error in the dhost service when...

Microsoft SharePoint <= 12.0.0.6219 Team Services Information Disclosure Vulnerability (KB976829)

Microsoft SharePoint Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

MCshoutbox Multiple <= 1.1 Multiple Vulnerabilities - Active Check

MCshoutbox is prone to multiple SQL injection SQLi and cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

[CVE-2009-1479] Boxalino - Directory Traversal Vulnerability

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Boxalino Vendor: Boxalino AG www.boxalino.com CVD ID: CVE-2009-1479 Subject: Directory Traversal Vulnerabilities Risk: High Effect: Remotely exploitable Author: Axel Neumann [email protected] Date: 2009-10-20...

Boxalino 09.05.25-0421 Directory Traversal

Exploit for unknown platform in category web applications ========================================== Boxalino 09.05.25-0421 Directory Traversal ========================================== Product: Boxalino Vendor: Boxalino AG www.boxalino.com CVD ID: CVE-2009-1479 Subject: Directory Traversal...

boxalino 09.05.25-0421 - Directory Traversal

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Boxalino Vendor: Boxalino AG www.boxalino.com CVD ID: CVE-2009-1479 Subject: Directory Traversal Vulnerabilities Risk: High Effect: Remotely exploitable Author: Axel Neumann Date: 2009-10-20 Introduction ----------...

Novell eDirectory Management Console Accept-Language Buffer Overflow (CVE-2009-0192)

Novell eDirectory is an X.500 and LDAP compatible directory service software product. It is developed by Novell, Inc. for centrally managing access to resources on multiple servers and computers within a given network. The product is made available for multiple platforms including NetWare,...

CVE-2009-2699

The vulnerability CVE-2009-2699 affects the Solaris pollset feature in the Event Port backend (poll/unix/port.c) of the Apache Portable Runtime (APR) library prior to 1.3.9, as used by Apache HTTP Server prior to 2.2.14 and other products. The issue arises from improper error handling in the Sola...

EZRecipeZee CMS 91 - Remote File Inclusion

EZRecipeZee CMS 91 - Remote File Inclusion !/usr/bin/perl + Author : kaMtiEz [email protected] + Date : September 30, 2009 + Homepage : http://www.indonesiancoder.com + Vendor : http://www.jdtmmsm.com/ + Download : http://www.jdtmmsm.com/downloads/index.php?setFilter=11232 + version : v91 + Meth...

openSUSE 10 Security Update : ruby (ruby-6339)

This ruby update improves return value checks for openssl function OCSPbasicverify CVE-2009-0642 which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased CVE-2008-3905 to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

TWiki rev Parameter Shell Command Injection (CVE-2005-2877)

TWiki is a flexible enterprise collaboration platform developed in Perl. The software is a set of CGI programs that are loaded and executed by an HTTP server. TWiki is a structured, community developed documentation framework. It typically runs as a document management system, or a knowledge base...

Information disclosure

Cisco ACE XML Gateway AXG and ACE Web Application Firewall WAF before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by 1 an OPTIONS request or 2 a crafted GET request, leading to a Message-handling Errors message containing a...