Design/Logic Flaw

Unspecified vulnerability on the Cisco Wireless LAN Controller WLC platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services Routers,...

Authentication flaw

The administrative web interface on the Cisco Wireless LAN Controller WLC platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services...

CVE-2009-1167

Unspecified vulnerability on the Cisco Wireless LAN Controller WLC platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services Routers,...

CVE-2009-1166

The administrative web interface on the Cisco Wireless LAN Controller WLC platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services...

CVE-2009-1167

CVE-2009-1167 affects Cisco Wireless LAN Controllers (WLC). A remote attacker can send crafted HTTP/HTTPS requests to an administrative interface to perform unauthorized configuration changes. Affected firmware: 4.x prior to 4.2.205.0 and 5.x prior to 5.2.191.0, across WLCs and related modules. C...

PHP Live! 3.2.1/2 (x) Remote Blind SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================== PHP Live! 3.2.1/2 x Remote Blind SQL Injection Vulnerability ============================================================== PhpLive 3.2.1/2 x Blind SQL injection -X | |/ / || |...

Multiple Flaws in Axesstel MV 410R

Multiple Flaws in Axesstel MV 410R by Filip Palian filip dot palian at pjwstk dot edu dot pl Description: Axesstel MV 410R is a device offered by the two leading polish telecom operators Orange and Polish Telecom to provide broadband Internet in CDMA technology and it's already widely in use...

Axesstel MV 410R Bypass / XSS

Multiple Flaws in Axesstel MV 410R by Filip Palian filip dot palian at pjwstk dot edu dot pl Description: Axesstel MV 410R is a device offered by the two leading polish telecom operators Orange and Polish Telecom to provide broadband Internet in CDMA technology and it's already widely in use...

Multiple Flaws in Huawei D100

Multiple Flaws in Huawei D100 by Filip Palian filip dot palian at pjwstk dot edu dot pl Description: Huawei D100 is a device offered by the polish telecom operator - Play, to provide broadband Internet in CDMA technology and it's already widely in use. Overview: Huawei D100 firmware and its defau...

Using sslstrip to MiTM attacks(Bypass https)-bug warning-the black bar safety net

Everyone knows, including the network for MiTM attacks can allow an attacker to more efficiently intercepted within the network the user's password and secret information. In BackTrack use EtterCap or ArpSpoof tool. But Ettercap supports the Protocol, only HTTP, FTP, Telnet, SMTP, etc. in clear...

CVE-2009-2046

The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a 1 http or 2 https request, related to the a SD Camera Web Server and the b Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr9649...

Cross site request forgery (csrf)

The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a 1 http or 2 https request, related to the a SD Camera Web Server and the b Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr9649...

Cisco Physical Access Gateway DoS

Memory leaks on HTTPs processing...

Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance Products

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance Products Advisory ID: cisco-sa-20090624-video Revision 1.0 For Public Release 2009 June 24 1600 UTC GMT +--------------------------------------------------------------------- Summary...

CVE-2009-2046

CVE-2009-2046 affects Cisco Video Surveillance 2500 Series IP Camera firmware before 2.1. The embedded web server on the camera’s HTTP/HTTPS interfaces (SD Camera Web Server and Wireless Camera HTTP Server) allows remote access to read arbitrary files, exposing sensitive data. Root cause is an in...

CVE-2009-2046

The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a 1 http or 2 https request, related to the a SD Camera Web Server and the b Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr9649...

USN-791-1: Moodle vulnerabilities

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...

多个浏览器HTTPS内容上下文中的HTTP资源安全绕过漏洞

Bugraq ID: 35403 CVE ID：CVE-2009-2065 CVE-2009-2064 CVE-2009-2066 CVE-2009-2067 CNCVE ID：CNCVE-20092065 CNCVE-20092064 CNCVE-20092066 CNCVE-20092067 当页面通过不安全方法对安全内容请求资源进行操作时不正确显示警告，可导致绕过多个WEB浏览器安全限制。 攻击者可以利用这个漏洞进行钓鱼攻击或获得敏感信息。不过要利用此漏洞，攻击者必须截获或控制网络通信，如通过中间人，DNS毒药等攻击。 如下浏览器受此漏洞影响： Microsoft Internet...

Stable, Beta update: Security fix

Google Chrome 2.0.172.33 has been released to the Stable and Beta channels. This release fixes a critical security issue and two other networking bugs. CVE-2009-2121: Buffer overflow processing HTTP responses Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP...

Apple Safari Web Script Execution Vulnerabilities - June09

This host has Safari browser installed and is prone to Web Script Execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodapplesafariwebscriptexecvulnjun09.nasl 7585 2017-10-26 15:03:01Z cfischer $ Apple Safari Web Script Execution Vulnerabilities - June09 Authors: Sharath S Copyright:...