765 matches found
PHPInv 0.8.0 (LFI/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ====================================================== PHPInv 0.8.0 LFI/XSS Multiple Remote Vulnerabilities ====================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH...
phpinv 0.8.0 - Local File Inclusion Cross-Site Scripting
phpinv 0.8.0 - Local File Inclusion Cross-Site Scripting ========================================================= PHPInv 0.8.0 LFI/XSS Multiple Remote Vulnerabilities ========================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O...
phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting
========================================================= PHPInv 0.8.0 LFI/XSS Multiple Remote Vulnerabilities ========================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
CVE-2008-1397
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service site-to-site VPN tunnel outage, and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's...
Analysis of ring3 under the confrontation 0 8 rising active Defense-vulnerability warning-the black bar safety net
Note: the article has been published in 2 0 0 7 years 1 2 the hack Defense action, after by the original author to submit to the evil octal information security team, the reprint please indicate the original source. I actually for rising antivirus the impression has been is good, to consume...
openSUSE 10 Security Update : ruby (ruby-4703)
This update of ruby improves the SSL certificate verification process. CVE-2007-5162, CVE-2007-5770 Prior to this update it was possible to intercept SSL traffic with a man-in-the-middle attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Design/Logic Flaw
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...
CVE-2007-5361
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...
CVE-2007-5361
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...
CVE-2007-5361
The CVE-2007-5361 issue affects Alcatel-Lucent OmniPCX Enterprise (7.1 and earlier). The Communication Server caches a phone IP during a TFTP request from an IP Touch device and then uses that IP as the destination for all subsequent VoIP packets to that phone. This enables remote attackers to ca...
Code injection
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications...
Code injection
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept...
CVE-2007-4615
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications...
CVE-2007-3319
The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications...
CVE-2007-3319
The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications...
CVE-2007-2480
The udplibgetport function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other application...
CVE-2007-2480
The udplibgetport function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other application...
CVE-2007-2480
CVE-2007-2480 affects Linux kernel 2.6.21 and earlier, in net/ipv4/udp.c. The _udp_lib_get_port function allows binding a port with a specific local address even when the port is already bound by a wildcard local address, potentially letting local users intercept local traffic for daemons or othe...
Privilege escalation
The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol WPAD without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet...
CVE-2003-1307
Summary: CVE-2003-1307 affects the mod_php module of the Apache HTTP Server. Vulnerability: Local users with write access to PHP scripts can signal the server’s process group and manipulate server file descriptors, demonstrated by sending a STOP signal and intercepting connections on the server’s...