27 matches found
CVE-1999-0412
In IIS and other web servers, an attacker can execute commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension...
EUVD-2024-36103
Malicious code in bioql PyPI...
CVE-2024-36459
CVE-2024-36459 is a CRLF cross-site scripting issue identified in SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. Affected components are the Web Agent implementations for IIS and Domino; the vulnerability allows an attacker to execute arbitrary JavaScript ...
CVE-2024-36459 Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary JavaScript code in a client browser...
PT-2024-27013 · Ca Technologies · Siteminder Web Agent For Domino Web Server +1
Name of the Vulnerable Software and Affected Versions: SiteMinder Web Agent for IIS Web Server (affected versions not specified); SiteMinder Web Agent for Domino Web Server (affected versions not specified). Description: A CRLF cross-site scripting issue has been identified in certain configurations of...
Exploit for Use After Free in Microsoft
CVE-2021-31166 Why I recently wrote an exploit for CVE-20...
Exploit for CVE-2022-21907
CVE-2022-21907 Description 1. This repository detects a...
TinyMCE Image Manager 1.1 XSS / File Upload
Hello list! These are Arbitrary File Uploading and Cross-Site Scripting vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. Affected products: Vulnerable are TinyMCE Image Manager 1.1 and previous versions...
Adobe Patches Memory Flaws in Flash Player and Sandbox Vulnerability in ColdFusion
Adobe’s second set of security updates coinciding with Microsoft’s monthly patch releases were made available today. The two bulletins include patches for vulnerabilities in Adobe Flash Player and Adobe ColdFusion. The Flash vulnerabilities for Windows are rated most severe by Adobe and successfu...
ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability.
ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability. EMC Identifier: ESA-2012-003. CVE Identifier: CVE-2011-4142. Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C). Affected products: EMC SourceOne Emai...
Microsoft Aims to Make Life Harder, More Expensive For Attackers
MIAMI BEACH–It’s been a decade now since Microsoft began focusing on product security as a top priority and there have been a lot of successes and some failures along the way. But in that time, one of the things that most definitely has changed as a result of the Trustworthy Computing program is...
Design/Logic Flaw
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a...
CVE-2011-3140
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a...
SQL Injection Attacks Aimed at Stealing Gaming Credentials, Experts Say
The mass SQL injection attack that has been ongoing for a week or so now is designed mainly to steal credentials for online games and is quite well planned and organized, experts say. The attack, which has been using two specific domains as part of a widespread SQL injection campaign, is targetin...
CVE-2009-2509
Active Directory Federation Services ADFS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution...
Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the I...
Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmp.exe CGI executable accessible via the IIS web...
NT IIS 5.0 Malformed HTTP Printer Request Header Buffer Overflow Vulnerability
There is a buffer overflow in the remote IIS web server. It is possible to overflow the remote Web server and execute commands as the SYSTEM user. An attacker may make use of this vulnerability and use it to gain access to confidential data and/or escalate their privileges on the Web server. See...
Codebrws.asp Source Disclosure Vulnerability
Microsoft's IIS 5.0 web server is shipped with a set of sample files to demonstrate different features of the ASP language. One of these sample files allows a remote user to view the source of any file in the web root with the extension .asp, .inc, .htm, or .html. OpenVAS Vulnerability Test $Id:...