Preemptive Protection against Free Download Manager Remote Control Server

A buffer overflow vulnerability was reported in Free Download Manager, a free download accelerator and manager. The vulnerability is caused due to a boundary error in the Remote Control Server when processing "Authorization" headers in HTTP requests. This issue can be triggered via an HTTP reques...

Lore 1.5.6 - article.php Blind SQL Injection

Lore 1.5.6 - article.php Blind SQL Injection Lore 1.5.6 Bug : article.php?id=Blind ,Comentarios Habilitados "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Gracias...

Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow

Hello Assurent & Oracle, On Tue, 13 Jan 2009, [email protected] wrote: : Oracle BEA WebLogic Server Apache Connector Buffer Overflow : : Reference: http://www.bea.com/weblogic/server/ : : 2. Vulnerability Summary : : A remotely exploitable vulnerability has been discovered in t...

WS_FTP Server <= 6.1.0.0 Security Bypass Vulnerability

WSFTP Server is prone to a security bypass vulnerability. Copyright C 2008 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

FreeBSD : mediawiki -- multiple vulnerabilities (61b07d71-ce0e-11dd-a721-0030843d3802)

The MediaWiki development team reports : Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input related to uploads ...

mediawiki -- multiple vulnerabilities

The MediaWiki development team reports: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input related to uploads i...

[Backports-security-announce] Security Update for nagios3

Jan Wagner uploaded a new package for nagios3 which fixed the following security problem: CVE-2008-5028, SA32610 and Debian Bug 504894 Andreas Ericsson has discovered a vulnerability in Nagios, which can be exploited by malicious people to conduct cross-site request forgery attacks. The applicati...

FreeBSD : mantis -- multiple vulnerabilities (29255141-c3df-11dd-a721-0030843d3802)

Secunia reports : Some vulnerabilities have been reported in Mantis, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and request forgery attacks. Input passed to the 'filtertarget' parameter in returndynamicfilters.p...

DDIVRT-2008-18 Orb Denial of Service

Title ----- DDIVRT-2008-18 Orb Denial of Service Severity -------- Medium Date Discovered --------------- October 21st 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Steven James and r@b13$ Vulnerability Description ------------------------- Orb Network...

Pi3Web ISAPI Requests Handling DoS Vulnerability

Pi3Web is prone to ISAPI Requests Handling DoS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-5257

webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service crash or hang via HTTP requests, as demonstrated by a McAfee vulnerability scan...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in cmd.cgi in 1 Nagios 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests...

CVE-2008-5028

CVE-2008-5028 is a CSRF in Nagios' cmd.cgi affecting Nagios 3.0.5 and op5 Monitor before 4.0.1. The vulnerability allows remote attackers to trigger commands in the Nagios process via unspecified HTTP requests, potentially enabling execution of arbitrary commands. Related advisories (Gentoo GLSA-...

CVE-2008-5028

Cross-site request forgery CSRF vulnerability in cmd.cgi in 1 Nagios 3.0.5 and 2 op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests...

Update Protection against Trend Micro OfficeScan CGI Parsing Buffer Overflow Vulnerability

A buffer overflow vulnerability was reported in Trend Micro’s OfficeScan. Trend Micro OfficeScan is a centralized virus and security scan management system. The flaw is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can trigger this vulnerability to inject...

Meeting Room Booking System (MRBS) < 1.4 SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================== Meeting Room Booking System MRBS 1.4 SQL Injection Exploit ============================================================== "MRBS is a system for multi-site booking of meeting...

Adobe Flash Player plug-in null pointer dereference and browser crash

If a Flash 9 SWF loads two SWF files with different SWF version numbers from two distinct HTTP requests to the exact same URL including query string arguments, then Adobe's Flash Player plug-in will try to dereference a null pointer. This issue affects at least versions 9.0.45.0, 9.0.112.0,...

CVE-2008-3663

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

CVE-2008-3663

CVE-2008-3663 summary (from provided docs): SquirrelMail prior to the patch release had a session cookie that was not marked Secure during HTTPS, potentially allowing cookie exposure to remote attackers via HTTP requests. The linked advisories reference SquirrelMail 1.4.15 and note that updates/p...

CVE-2008-3102

CVE-2008-3102 affects MantisBT: vulnerable in Mantis 1.1.x (up to 1.1.2) and 1.2.x (up to 1.2.0a2). Root cause: the session cookie is not marked Secure in HTTPS sessions, enabling potential cookie leakage. Impact stated in sources includes session hijacking through captured cookies; other CVEs in...