301 matches found
Adobe JRun 4 - logfile (Authenticated) Directory Traversal
Adobe JRun 4 - logfile Authenticated Directory Traversal Digital Security Research Group DSecRG Advisory DSECRG-09-052 Application: Adobe JRun Application Server Versions Affected: 4 updater 7 Vendor URL: http://www.adobe.com/products/jrun/ Bug: Directory Traversal File Read Exploits: YES Reporte...
SonicOS Format String
SEC Consult Security Advisory ========================================================================== title: SonicOS Format String Vulnerability program: SonicWALL Global VPN Client vulnerable version: PRO 4100 SonicOS 4.0.0.2-51e Standard and Enhanced possibly other versions homepage:...
SEC Consult SA-20090525-4 :: SonicOS Format String Vulnerability
SEC Consult Security Advisory 20090525-4 ========================================================================== title: SonicOS Format String Vulnerability program: SonicWALL Global VPN Client vulnerable version: PRO 4100 SonicOS 4.0.0.2-51e Standard and Enhanced possibly other versions...
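Openfire Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities
BUGTRAQ ID: 32935,32937,32938,32939,32940,32943,32944,32945 Openfire (formerly Wildfire) is a cross-platform, open-source real-time collaboration (RTC) server written in Java....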
CVE-2008-4749
Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method...
CVE-2008-4750
Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property...
Design/Logic Flaw
Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method...
CVE-2008-4749
The CVE-2008-4749 issue affects DB Software Laboratory’s VImpX.VImpAX ActiveX control (VImpX.ocx) version 4.8.8.0 (possibly 4.7.7). The vulnerability arises from insecure methods that let remote attackers overwrite arbitrary files via the LogFile property and ClearLogFile method, and via the Save...
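VImpX.ocx ActiveX Control Multiple File Corruption Vulnerabilities
BUGTRAQ ID: 31907 The VImpX ActiveX control allows data to be imported from tables or ODBC data sources into Oracle, SQL Server, or ODBC databases. The VImpX.ocx ActiveX control (VImpX.ocx, CLSID...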
condor: denial of service attack on Schedd via corrupt logfile
Unspecified vulnerability in the condor schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors...
alkacon-xssdisclose.txt
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a vulnerability in the Logfile Viewer Settings function. Input to Parameter filePath.0 in page opencms/system/workplace/admin/workplace/logfileview/logfileViewSettings.js...
CVE-2008-1300
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...
CVE-2008-1300
CVE-2008-1300 describes a cross-site scripting (XSS) vulnerability in Alkacon OpenCms, specifically in the Logfile Viewer Settings function (system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp) in OpenCms 7.0.3 and 7.0.4. The flaw allows remote attackers to inject arbitrary web s...
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a vulnerability in the Logfile Viewer Settings function. Input to Parameter filePath.0 in page opencms/system/workplace/admin/workplace/logfileview/logfileViewSettings.js...
Rejetto HTTP File Server (HFS) 1.52.x - Multiple Vulnerabilities
Rejetto HTTP File Server (HFS) 1.52.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/27423/info HFS (HTTP File Server) is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a...