Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Exploitation does not require authentication. The specific flaw exists within the iMonitor NDS Server, which by default exposes an HTTP interface on TCP port 8028 and an HTTPS...

ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability

ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-016.html May 22, 2006 -- CVE ID: CVE-2006-2496 -- Affected Vendor: Novell -- Affected Products: Novell eDirectory 8.8 Novell iMonitor 2.4 -- TippingPointTM IPS Customer...

Novell eDirectory Novell Directory Service buffer overflow

iMonitor NDS Server buffer overflow HTTP TCP/8028, HTTPS TCP/8038 on oversized URI in NDS path...

Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities

The remote host appears to be running Symantec Scan Engine. This version of Scan Engine is vulnerable to several flaws that could allow a remote attacker to take control of the scan engine. The following flaws are present: - Fixed HTTPS certificate key - Configuration file retrieval with...

Kerio WinRoute Firewall HTTP/HTTPS Management Detection

The remote host is running a firewall application. Description : The remote host appears to be running the Kerio WinRoute Firewall application. It is possible to access the HTTP or HTTPS management interface on the host. OpenVAS Vulnerability Test $Id: keriowrfmanagementdetection.nasl 8023...

pound reverse proxy / load balancer / HTTPS front-end buffer overflow

Buffer overflow on oversized hostname...

Multiple Microsoft Internet Explorer vulnerabilities

Code execution, memory corruption, download dialog manipulation, unencrypted HTTPS proxy data leak...

CVE-2005-2830

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."...

CVE-2005-2830

CVE-2005-2830 is an information-disclosure vulnerability in Microsoft Internet Explorer 5.01/5.5/6 when using an HTTPS proxy that requires Basic Authentication, causing URLs to be sent in cleartext. The issue is documented in the HTTPS Proxy Vulnerability (CAN-2005-2830) and is addressed by Micro...

CVE-2005-2830

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."...

Microsoft Internet Explorer HTTPS Proxy Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information disclosure vulnerability when using an authenticating proxy server for HTTPS communications. Exploitation of this issue could result in an attacker gaining a user's authentication credentials. This issue only exists when the...

Novell eDirectory iMonitor buffer overflow

Added: 11/29/2005 CVE: CVE-2005-2551 BID: 14548 OSVDB: 18703 Background iMonitor is a web service which is a component of Novell eDirectory. Problem A buffer overflow when processing long HTTP or HTTPS requests leads to remote command execution. Resolution Upgrade to eDirectory 8.7.3 IR7 or highe...

Kerio WinRoute Firewall HTTP/HTTPS Management Detection

The remote host appears to be running the Kerio WinRoute Firewall application. It is possible to access the HTTP or HTTPS management interface on the host. Script Written By Ferdy Riphagen Script distributed under the GNU GPLv2 License. Changes by Tenable : - Improved version extraction - Report...

Deprecated Secure HyperText Transfer Protocol (S-HTTP) Reporting

This web server supports the deprecated Secure HyperText Transfer Protocol S-HTTP, a cryptographic layer that was defined in 1999 by RFC 2660. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVE-2005-3330

The httpsrequest function in Snoopy 1.2, as used in products such as 1 MagpieRSS, 2 WordPress, 3 Ampache, and 4 Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function...

CVE-2005-3330

The httpsrequest function in Snoopy 1.2, as used in products such as 1 MagpieRSS, 2 WordPress, 3 Ampache, and 4 Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function...

CVE-2005-3322

Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service crash via HTTPs SSL...

CVE-2005-3330

The httpsrequest function in Snoopy 1.2, as used in products such as 1 MagpieRSS, 2 WordPress, 3 Ampache, and 4 Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function...

CVE-2005-3322

Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service crash via HTTPs SSL...

CVE-2005-3330

The CVE-2005-3330 entry concerns Snoopy 1.2, where the _httpsrequest function allows remote command execution via shell metacharacters in an HTTPS URL to an SSL page, due to improper handling in the fetch function. Affected usage includes MagpieRSS, WordPress, Ampache, and Jinzora. Documented imp...