2287 matches found
CVE-2007-4614
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426...
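Avast! Managed Client CAB File Handling Remote Heap Overflow Vulnerability
Avast! is an antivirus application. Avast! Managed Client has a heap overflow when processing CAB files; remote attackers can exploit the vulnerability to cause a denial of service against the application. No detailed vulnerability information is currently available. Avast! Antivirus Managed Client 4.7.652 Avast! Antivirus Managed Client 4.6.394 Vendor solution: upgrade to Avast! Managed Client 4.7.700: http://www.avast.com/eng/adnm-management-client-revision-history.html...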
Heap overflow
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around"...
Buffer overflow
Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method...
CVE-2007-1083
Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method...
CVE-2007-1083
The CVE-2007-1083 issue affects the VeriSign Configuration Checker ActiveX control (VSCnfChk.dll, version 2.0.0.2) used in VeriSign PKI products. The Nessus entry confirms a stack/buffer overflow in VerCompare() that can allow remote code execution when a user is tricked into loading a crafted we...
CVE-2007-0426
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to...
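Lanifex Database of Managed Objects Access_manager.PHP Remote File Inclusion Vulnerability
Lanifex Database of Managed Objects is a PHP-based web application. Lanifex Database of Managed Objects does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Accessmanager.PHP' script does not filter user-submitted web parameters; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Lanifex Lanifex 2.3 Beta Lanifex Lanifex 2.2 None !/usr/bin/perl use LWP::UserAgent; / +...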
Lanifex DMO <= 2.3b (_incMgr) Remote File Include Exploit
Exploit for unknown platform in category web applications ========================================================= Lanifex DMO s...
Xtreme/Ditto News <= 1.0 (post.php) Remote File Include Vulnerability
No description provided by source. $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ Xtreme/Ditto News = v.1.0 Remote File Include Vulnerability $$ Script site: http://www.xtremescripts.com/ $$ Script site: http://www.dittoscripts.com/ $$ Dork: "News Managed by Ditto News" $$...
XtremeDitto News 1.0 - post.php Remote File Inclusion
XtremeDitto News 1.0 - post.php Remote File Inclusion $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ Xtreme/Ditto News = v.1.0 Remote File Include Vulnerability $$ Script site: http://www.xtremescripts.com/ $$ Script site: http://www.dittoscripts.com/ $$ Dork: "News Managed...
Cross site scripting
Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter...
CVE-2006-1344
Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter...
CVE-2006-1344
CVE-2006-1344 describes a cross-site scripting (XSS) flaw in VeriSign’s haydn.exe CGI used by MPKI 6.0. The vulnerability stems from lack of input validation in the VHTML_FILE parameter, allowing an attacker to inject arbitrary HTML/JavaScript that is returned to the user’s browser. CORE Security...
NetAuctionHelp v3.0 XSS Vuln
NetAuctionHelp v3.0 XSS Vuln Vuln. discovered by: r0t Date: 6 Dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html vendor: http://www.netauctionhelp.com/ affected version: v3.0 and prior Product Description: NetAuctionHelp provides auction site source code...
BEA WebLogic Operator/Admin Password Disclosure Vulnerability
The remote web server is running WebLogic. BEA WebLogic Server and WebLogic Express are reported prone to a vulnerability that may result in the disclosure of Operator or Admin passwords. An attacker who has interactive access to the affected managed server may potentially exploit this issue in ...
Altiris Deployment Server server spoofing
The absence of mutual authentication, combined with multicast-based server detection, allows an attacker to spoof the server and obtain full control over the managed network...
BEA WebLogic config.xml Operator/Admin Password Disclosure
The remote web server is running WebLogic. BEA WebLogic Server and WebLogic Express reportedly may allow disclosure of Operator or Admin passwords. An attacker who has interactive access to the affected managed server may potentially exploit this issue in a timed attack to harvest credentials...