
7636 matches found

seebug.org
added 2008/04/15 12:0 a.m. | 25 views

OmniPCX Office Remote Information Disclosure Vulnerability

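BUGTRAQ ID: 28758 CVECAN ID: CVE-2008-1331 Alcatel's OmniPCX Office is a unified communications solution designed for small and medium-sized businesses. A CGI script used by the Internet Access service of OmniPCX Office does not properly filter certain parameters, allowing remote attackers to retrieve sensitive information from the Internet. Alcatel-Lucent OmniPCX Office = 210/061.1 Temporary workaround: If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat: Disable WBM/WCA access from the Internet. For releases R2.1 through R4.1:...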

CVSS: 10 | AI score: 6.4 | EPSS: 0.58502
Exploits: 1

Tenable Nessus
added 2008/03/28 12:0 a.m. | 21 views

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : ruby1.8 vulnerabilities (USN-596-1)

Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby...

CVSS: 5 | AI score: 7.2 | EPSS: 0.07714
Exploits: 1 | References: 3

Ubuntu
added 2008/03/26 9:43 p.m. | 49 views

USN-596-1: Ruby vulnerabilities

Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform machine-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby...

CVSS: 5 | AI score: 7.3 | EPSS: 0.07714
Exploits: 1

seebug.org
added 2008/03/20 12:0 a.m. | 36 views

Multiple security vulnerabilities in Apple Safari versions prior to 3.1

BUGTRAQ ID: 28290 CVECAN ID: CVE-2008-1011,CVE-2008-1010,CVE-2008-1009,CVE-2008-1008,CVE-2008-1007,CVE-2008-1006,CVE-2008-1005,CVE-2008-1004,CVE-2008-1003,CVE-2008-1002,CVE-2008-1001,CVE-2008-0050 Safari is the web browser bundled by default with Apple's operating systems. Safari 3.1 fixes multiple security vulnerabilities, as follows: CVE-2008-0050 A malicious HTTPS proxy server may, in a 502 Bad...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.0672
Exploits: 2

Prion
added 2008/03/18 10:44 p.m. | 15 views

Design/Logic Flaw

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

CVSS: 5 | AI score: 6.5 | EPSS: 0.0074
Exploits: 1 | References: 14 | Affected Software: 2

NVD
added 2008/03/18 10:44 p.m. | 15 views

CVE-2008-0050

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

CVSS: 5 | AI score: 6.1 | EPSS: 0.0074
Exploits: 1 | References: 14

CVE
added 2008/03/18 10:0 p.m. | 49 views

CVE-2008-0050

CVE-2008-0050 : The issue affects CFNetwork in Apple Mac OS X 10.4.11. A remote HTTPS proxy server can spoof secure websites by embedding data in a 502 Bad Gateway response, potentially misleading users about the authenticity of the site. The available description states the vulnerability and its...

CVSS: 5 | AI score: 8.5 | EPSS: 0.0074
Exploits: 1 | References: 14 | Affected Software: 2

Cvelist
added 2008/03/18 10:0 p.m. | 14 views

CVE-2008-0050

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

AI score: 8.5 | EPSS: 0.0074
Exploits: 1 | References: 14

securityvulns
added 2008/03/12 12:0 a.m. | 72 views

ACROS Security: HTML Injection in BEA WebLogic Server Console (ASPR #2008-03-11-1)

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2008-03-11-1 ------------------------------------------------------------------------- ASPR 2008-03-11-1: HTML Injection in BEA WebLogic Server Console...

AI score: 7.1
Exploits: 0

securityvulns
added 2008/03/12 12:0 a.m. | 64 views

ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2)

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2008-03-11-2 ------------------------------------------------------------------------- ASPR 2008-03-11-2: Session Fixation Vulnerability in WebLogic...

Exploits: 0

seebug.org
added 2008/03/11 12:0 a.m. | 50 views

Remotely Anywhere 'Accept-Charset' Character NULL Pointer Denial of Service Vulnerability

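BUGTRAQ ID: 28175 CNCAN ID:CNCAN-2008031103 Remotely Anywhere is remote administration software. Remotely Anywhere does not correctly handle specially crafted HTTP requests, and remote attackers can exploit the vulnerability to cause a denial of service against the application. Submitting an HTTP request containing an invalid Accept-Charset parameter can lead to a NULL pointer dereference that crashes the application, resulting in a denial of service. RemotelyAnywhere RemotelyAnywhere Workstation Edition 8.0.668 RemotelyAnywhere RemotelyAnywhere Server...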

AI score: 6.9
Exploits: 0

securityvulns
added 2008/03/09 12:0 a.m. | 57 views

Henri Lindberg - Smilehouse Oy

Louhi Networks Security Advisory Advisory: Checkpoint VPN-1 UTM Edge cross-site scripting Release Date: 2008/03/06 Last Modified: 2008/03/06 Authors: Henri Lindberg, Associate of ISC [email protected] Application: Checkpoint VPN-1 Edge W Embedded NGX 7.0.48x patched in version 7.5.48 Device...

AI score: 0.4
Exploits: 0

Tenable Nessus
added 2008/02/27 12:0 a.m. | 42 views

SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)

Cross-site scripting XSS vulnerability in example JSP applications. CVE-2006-7196 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of ' in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - directory traversal. CVE-2007-1860 - tomcat https...

CVSS: 6.8 | AI score: 4.8 | EPSS: 0.81412
Exploits: 10 | References: 14

CVE
added 2008/02/21 1:0 a.m. | 37 views

CVE-2008-0870

Bea WebLogic Portal 10.0 and 9.2 up to Maintenance Pack 2 has a vulnerability that can redirect the Portal Administration Console from HTTPS to HTTP, enabling remote attackers to sniff sessions. This is documented in CVE-2008-0870 with a CVSS v2 base score of 7.5 ( HIGH ) and network attack vecto...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00294
Exploits: 0 | References: 4 | Affected Software: 2

seebug.org
added 2008/02/20 12:0 a.m. | 33 views

Cisco Unified Communications Manager key Parameter SQL Injection Vulnerability

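BUGTRAQ ID: 27775 CVECAN ID: CVE-2008-0026 Cisco Unified Communications Manager (CUCM, formerly known as CallManager) is the call-processing component of the Cisco IP telephony solution. The key parameter of CUCM's administrator and user interface pages is vulnerable to SQL injection, which remote attackers may exploit to obtain sensitive information. An attacker can trigger the SQL injection by entering a crafted value in the key parameter of an administrator or user interface page; the attack can be carried out through the web interface over http or https. A successful attack can terminate the SQL call and force a connection to the back-end database, leading to disclosure of sensitive information such as usernames and password hashes. Cisco...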

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00379
Exploits: 2

Tenable Nessus
added 2008/02/11 12:0 a.m. | 54 views

F5 BIG-IP Web Management Multiple XSS

The F5 BIG-IP web management interface on the remote host is susceptible to cross-site scripting attacks. %NASLMINLEVEL 70300 bigipwebxss.nasl Notes: - Some pages are way bigger than 8K and BIG-IP does not use Content-Length. The script uses custom httpsendrecvlength to retrieve the entire page...

CVSS: 4.3 | AI score: 5 | EPSS: 0.11902
Exploits: 1 | References: 4

OpenVAS
added 2008/01/31 12:0 a.m. | 33 views

Debian Security Advisory DSA 1468-1 (tomcat5.5)

The remote host is missing an update to tomcat5.5 announced via advisory DSA 1468-1. OpenVAS Vulnerability Test $Id: deb14681.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1468-1 tomcat5.5 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

CVSS: 5 | AI score: 0.4 | EPSS: 0.03966
Exploits: 0

Tenable Nessus
added 2008/01/27 12:0 a.m. | 58 views

Debian DSA-1468-1 : tomcat5.5 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0128 Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which...

CVSS: 5 | AI score: 4.7 | EPSS: 0.03966
Exploits: 0 | References: 5

NVD
added 2008/01/23 2:0 a.m. | 20 views

CVE-2008-0128

The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

CVSS: 5 | AI score: 7.5 | EPSS: 0.03966
Exploits: 0 | References: 22

UbuntuCve
added 2008/01/23 2:0 a.m. | 33 views

CVE-2008-0128

The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03966
Exploits: 0 | References: 1