EUVD-2008-2024

Malware in sbrugna...

EUVD-2005-1121

Malware in sbrugna...

RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28277/info RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Cross site scripting

Cross-site scripting XSS vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it mig...

CVE-2008-2027

Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url paramet...

CVE-2008-2026

Cross-site scripting XSS vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it mig...

CVE-2008-2027

The CVE-2008-2027 entry describes an Open Redirect vulnerability in RSA Authentication Agent 5.3.0.258 for Web for IIS, specifically within WebID/IISWebAgentIF.dll. The vulnerability allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks when a crafted ftp U...

CVE-2008-2026

The CVE-2008-2026 issue affects RSA Security's WebID IISWebAgentIF.dll in the RSA Authentication Agent for Web, version 5.3.0.258 and older than 5.3.3.378. Root cause is insufficient filtering of the postdata parameter, enabling remote XSS via a URL-encoded postdata value. An exploit example exis...

RSA认证代理登录页面IISWebAgentIF.dll跨站脚本漏洞

BUGTRAQ ID: 28277 CVECAN ID: CVE-2008-1470 RSA认证代理软件是非常流行的动态认证工具，可控制对公司网络、基于Web的应用和操作系统的访问。 RSA认证的服务器端脚本/WebID/IISWebAgentIF.dll没有正确地过滤postdata参数输入，如果攻击者通过POST或GET方式传送了恶意参数的话，就可能导致跨站脚本攻击。 RSA Security RSA Authentication Agent for Web 5.3.0.258 RSA Security ------------...

ProCheckUp Security Advisory 2007.44

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR07-44: XSS on RSA Authentication Agent login page Vulnerability found: 5th December 2007 Vendor informed: 13th December 2007 Severity: Medium-high Successfully tested on: RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services...

Cross site scripting

Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting XSS attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118...

CVE-2008-1470

Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting XSS attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118...

CVE-2008-1470

CVE-2008-1470 describes an incomplete blacklist vulnerability in IISWebAgentIF.dll of the WebID RSA Authentication Agent 5.3 (and possibly earlier) , allowing remote attackers to perform cross-site scripting (XSS) via the postdata parameter. The issue stems from an incomplete fix for CVE-2005-111...

RSA WebID 5.3 - IISWebAgentIF.dll Cross-Site Scripting

RSA WebID 5.3 - IISWebAgentIF.dll Cross-Site Scripting source: https://www.securityfocus.com/bid/28277/info RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28277/info RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...

rsa-xss.txt

The following security report has been sent to RSA/EMC on the 2/10/2007 and confirmed by them. RSA took action to alert their customers. ----------------------------------------- Description The WebID authentication framework suffers from a flow allowing to steal an authenticated users's session ...

Security Advisory on RSA Web ID (XSS)

The following security report has been sent to RSA/EMC on the 2/10/2007 and confirmed by them. RSA took action to alert their customers. ----------------------------------------- Description The WebID authentication framework suffers from a flow allowing to steal an authenticated users's session ...

CVE-2005-1118

Cross-site scripting XSS vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter...

CVE-2005-1118

CVE-2005-1118 describes a cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll of the RSA Authentication Agent for Web 5.2. The flaw allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. The CVE entry lists the affected product as RSA Authentication A...