Lucene search

2270 matches found

Cvelist
added 2004/07/21 4:0 a.m., 14 views

CVE-2004-0711

The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected...

6.7 AI score, 0.00732 EPSS
Exploits: 0, References: 4
Atlassian
added 2004/06/29 10:11 p.m., 18 views

Spam-protection

We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam. It shouldn't be too hard to do - we already track URL links. The UI will need some thought though - what do you do if you define a URL as spam, and it's in a page? Revert the page back t...

0.8 AI score
Exploits: 0, Affected Software: 1
securityvulns
added 2004/06/16 12:0 a.m., 43 views

Web Wiz Forums Registration Rules XSS Vulnerability

------------------------------------------------------ WEB WIZ FORUMS REGISTRATION RULES XSS VULNERABILITY ------------------------------------------------------ Online URL : http://ferruh.mavituna.com/article/?528 XSS / Cross Site Scripting attack allows an attacker to hijack other...

Exploits: 0
CERT
added 2004/04/26 12:0 a.m., 15 views

BEA WebLogic Server contains a vulnerability in the URL pattern matching

Overview There is a vulnerability in the URL pattern matching functionality of BEA WebLogic Server that could allow URL restrictions to be bypassed. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and...

6.9 AI score
Exploits: 0, References: 3
Packet Storm
added 2003/06/14 12:0 a.m., 43 views

blackicepro.txt

Hi! I'm using BlackICE PC Protection formerly known as BlackICE Defender for a very long time1, 2. It is one of my favorite hostbased intrusion detection systems and personal firewall for windows. During some tests for a paper on cross site scripting I've seen that there is an evasion possibility...

7.4 AI score
Exploits: 0
CVE
added 2003/03/27 5:0 a.m., 53 views

CVE-2003-0106

The CVE-2003-0106 entry concerns Symantec Enterprise Firewall (SEF) 7.0 HTTP proxy URL pattern matching that can be bypassed when requests are URL-encoded (escapes, Unicode, UTF-8). The issue allows proxy users to bypass blocked URL pattern matching, enabling access to URLs that should be blocked...

7.5 CVSS, 6.6 AI score, 0.00749 EPSS
Exploits: 0, References: 5, Affected Software: 1
securityvulns
added 2003/03/26 12:0 a.m., 29 views

Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue

-- Corsaire Security Advisory -- Title: Symantec Enterprise Firewall SEF HTTP URL pattern evasion issue Date: 24.02.03 Application: Symantec Enterprise Firewall SEF 7.0 Environment: Windows NT 4.0, Windows 2000, Author: Martin O'Neal [email protected] Audience: General Distribution -- Sco...

7.5 CVSS, 5.9 AI score, 0.00749 EPSS
Exploits: 0
securityvulns
added 2001/10/31 12:0 a.m., 40 views

Lotus Domino Default Navigator Protection By-pass (#NISR29102001B)

NGSSoftware Insight Security Research Advisory Name: Lotus Domino Default Navigator Protection By-pass Systems Affected: Lotus Domino Web Server 5.x on all operating systems Severity: Low Vendor URL: http://www.lotus.com/ Author: David Litchfield [email protected] Date: 29th October 2001 Adviso...

0.1 AI score
Exploits: 0
Snyk
added 2001/06/18 4:0 a.m., 2 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow. Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used i...

10 CVSS, 8 AI score, 0.3517 EPSS
Exploits: 1, References: 3
NVD
added 2001/06/18 4:0 a.m., 17 views

CVE-2001-0247

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3...

10 CVSS, 7.7 AI score, 0.3517 EPSS
Exploits: 1, References: 7