In the hierarchical architecture looking for java web vulnerability-vulnerability warning-the black bar safety net

web application development sites, is currently the most widely used program. But the developers of the level is uneven, resulting in a wide variety of web vulnerabilities. This article standing in a layered architecture perspective, the analysis about how to in a java web program to find the may...

olatedownload-xss.txt

-Summary- Software: Olate Download Sowtwares Web Site: http://www.olate.co.uk/ Versions: 3.4.2 Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: imei addmimistrator Risk Level: Middel Description Olate download is prone to Cross site scripting, cause of...

Trend Micro VsapiNT.sys UPX File Parsing DoS

The version of Trend Micro Antivirus installed on the remote Windows host contains a divide-by-zero error in its 'VsapiNT.sys' kernel driver. Using a specially crafted UPX file, a remote attacker may be able to leverage this flaw to crash the affected host. C Tenable Network Security, Inc...

CVE-2007-0851

Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center CCC Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable...

CVE-2007-0851

CVE-2007-0851 describes a buffer overflow in Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, exploitable when processing UPX-packed executables (as used in CCC Cleaner). The CCC Cleaner component is affected when the UPX-packed file is scanned, enabling arbitrary code ...

PT-2006-3745 · X Cart · X-Cart

Name of the Vulnerable Software and Affected Versions: X-Cart Gold and Pro versions 4.0.18 through 4.1.0 beta 1 Description: The issue allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field in search.php, when the settings specify only "Search in Detailed...

phpBB template file code execution

phpBB HTML template files are parsed and executed as PHP code. This files are not well filtered so a user having access to template files can execute PHP code. You can't trust your designer or template files you found around the web Example: Replace ALL switchenablepmpopup in overallheader.tpl By...

PeopleSoft (Oracle) PSCipher Encryption Weakness

Vendor: PeopleSoft Product: People Tools Version: 8.4x Platform: Multi-platform Title: Weak Encryption Description: PeopleSoft uses PSCipher for encryption/hashing purposes. Based on observations from the output of PSCipher and on our familiarity with the cryptographic library objects and methods...

Snort <= 2.4.0 SACK TCP Option Error Handling

Snort = 2.4.0 SACK TCP Option Error Handling Package: Snort 2.4.0 And previous versions Vendor url: http://www.snort.org Class: Error Handling Exceptional Conditions Risk: High Credits: A. Alejandro Hernndez Hernndez Contact: nitrousatvulnfactdotcom BACKGROUND Snort is an open source network...

CVE-2005-0256

The wufnmatch function in wufnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service CPU exhaustion by recursion via a glob pattern with a large number of wildcard characters, as demonstrated using the dir command...

CVE-2005-0256

The wufnmatch function in wufnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service CPU exhaustion by recursion via a glob pattern with a large number of wildcard characters, as demonstrated using the dir command...

CVE-2004-0711

The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "" as wildcards as if they were the legal "/" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected...

CVE-2004-0711

The CVE describes a flaw in BEA WebLogic Server 6.x URL pattern matching where illegal patterns ending in “” are treated as the legal “/ ” wildcard. This could allow WebLogic 7.x to bypass access restrictions because these illegal patterns are (purportedly) rejected but effectively treated as all...

CVE-2004-0711

The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "" as wildcards as if they were the legal "/" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected...

Spam-protection

We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam. It shouldn't be too hard to do - we already track URL links. The UI will need some thought though what do you do if you define a URL as spam, and it's in a page? Revert the page back t...

Web Wiz Forums Registration Rules XSS Vulnerability

------------------------------------------------------ WEB WIZ FORUMS REGISTRATION RULES XSS VULNERABILITY ------------------------------------------------------ Online URL : http://ferruh.mavituna.com/article/?528 XSS / Cross Site Scripting attack allows an attacker to hijack other...

BEA WebLogic Server contains a vulnerability in the URL pattern matching

Overview There is a vulnerability in the URL pattern matching functionality of BEA WebLogic Server that could allow URL restrictions to be bypassed. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and...

blackicepro.txt

Hi! I'm using BlackICE PC Protection formerly known as BlackICE Defender for a very long time1, 2. It is one of my favorite hostbased intrusion detection systems and personal firewall for windows. During some tests for a paper on cross site scripting I've seen that there is an evasion possibility...

CVE-2003-0106

The CVE-2003-0106 entry concerns Symantec Enterprise Firewall (SEF) 7.0 HTTP proxy URL pattern matching that can be bypassed when requests are URL-encoded (escapes, Unicode, UTF-8). The issue allows proxy users to bypass blocked URL pattern matching, enabling access to URLs that should be blocked...

Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue

-- Corsaire Security Advisory -- Title: Symantec Enterprise Firewall SEF HTTP URL pattern evasion issue Date: 24.02.03 Application: Symantec Enterprise Firewall SEF 7.0 Environment: Windows NT 4.0, Windows 2000, Author: Martin O'Neal [email protected] Audience: General Distribution -- Sco...