5263 matches found
CVE-2003-0945
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities...
[SECURITY] [DSA-368-1] New xpcd packages fix buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 368-1 [email protected] http://www.debian.org/security/ Matt Zimmerman August 8th, 2003 http://www.debian.org/security/faq -...
MS Windows (RPC DCOM) Remote Exploit (w2k+XP Targets)
Exploit for unknown platform in category remote exploits ===================================================== MS Windows RPC DCOM Remote Exploit w2k+XP Targets ===================================================== / DCOM RPC Overflow Discovered by LSD - Exploit Based on Xfocus's Code Written by ...
Microsoft IDS Server crossite scripting
Crossite scripting in error message...
Cisco IDS Device Manager Detection
This host is running the Cisco IDS device manager. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11689; scriptversion "1.16"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Cisco IDS Device Manager Detection"; scriptsummaryenglish:"Cisco IDS Management Web Serve...
Synchrologic Email Accelerator aggregate.asp User Account Disclosure
The remote host seems to be running Synchrologic Email Accelerator Synchrologic is a product which allows remote PDA users to sync with email, calendar, etc. If this server is on an Internet segment as opposed to internal, you may wish to tighten the access to the aggregate.asp page. The server...
CVE-2003-0255
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path...
CVE-2002-1832
Unknown vulnerability in the "ipopts decode" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service crash via certain IP options...
Cisco Security Advisory: Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco ONS15454 and Cisco ONS15327 Vulnerabilities Revision 1.0 For Public Release 2002 October 31 at 1600 UTC ---------------------------------------------------------------------- Contents Summary Affected Products Details...
CVE-2002-0908
Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. dot dot in the HTTPS request...
HP Tru64 UNIX "uux" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uux" contains a locally exploitable buffer overflow. Description "uux" is used to run a command on a remote system. A locally exploitable buffer overflow in "uux" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Cisco Security Advisory: Cisco VPN Client Multiple Vulnerabilities - Second Set
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco VPN Client Multiple Vulnerabilities - Second Set Revision 1.0 For Public Release 2002 September 05 UTC 1500 ---------------------------------------------------------------------- Contents Summary Affected Products Detail...
Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities Revision 1.0 For Public Release 2002 September 03 at 1500 UTC ---------------------------------------------------------------------- Contents Summary Affected Products Detai...
CVE-2002-0908
Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. dot dot in the HTTPS request...
CVE-2002-0908
Cisco IDS Device Manager web server prior to version 3.1.2 is affected by a directory traversal vulnerability that allows remote attackers to read arbitrary files through a .. sequence in an HTTPS request. Affected software is the Cisco IDS Device Manager web service; the root cause is improper v...
CVE-2002-0903
register.php for WoltLab Burning Board wbboard 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack...
CVE-2002-0121
The CVE-2002-0121 entry affects PHP 4.0 through 4.1.1, where session IDs are stored in temporary files whose names contain the session ID, enabling local users to hijack web connections. The provided documents describe the vulnerable mechanism and impact (local hijack) but do not include remediat...
CVE-2001-0962
The CVE-2001-0962 entry concerns IBM WebSphere Application Server versions 3.02 through 3.53, where session IDs used in cookies are predictable. This predictability enables remote attackers to brute-force session IDs and gain privileges of WebSphere users. The documented impact is privilege escal...
CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing...
Cisco IDS Device Manager 3.1.1 - Arbitrary File Read Access
Cisco IDS Device Manager 3.1.1 - Arbitrary File Read Access source: https://www.securityfocus.com/bid/4760/info IDS Device Manager is a web interface to the Cisco IDS systems. It is distributed and maintained by Cisco Systems. The IDS Device Manager may allow a remote user to gain access to...