Lucene search

1883 matches found

Cvelist
added 2007/07/15 9:0 p.m. | 27 views

CVE-2007-2417

Heap-based buffer overflow in mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE:...

AI score 8.1 | EPSS 0.16199
Exploits: 0 | References: 10
securityvulns
added 2007/07/13 12:0 a.m. | 69 views

[Full-disclosure] TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability

TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-07-12.html July 12, 2007 -- CVE ID: CVE-2007-2417 -- Affected Vendor: Progress Software -- Affected Products: RSA Authentication Manager Progress Database -- TippingPointTM IPS...

CVSS 10 | AI score 1.5 | EPSS 0.16199
Exploits: 0
securityvulns
added 2007/07/13 12:0 a.m. | 35 views

Progress database server buffer overflow

Buffer overflow in network service TCP/5220, TCP/5230. Progress is installed by different RSA products...

CVSS 10 | AI score 5.4 | EPSS 0.16199
Exploits: 0 | References: 1 | Affected Software: 2
NVD
added 2007/06/29 6:30 p.m. | 20 views

CVE-2007-3491

Buffer overflow in mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message...

CVSS 7.5 | AI score 6.9 | EPSS 0.02517
Exploits: 0 | References: 6
Prion
added 2007/06/29 6:30 p.m. | 20 views

Buffer overflow

Buffer overflow in mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message...

CVSS 7.5 | AI score 7.2 | EPSS 0.02517
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2007/06/29 6:0 p.m. | 19 views

CVE-2007-3491

Buffer overflow in mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message...

AI score 6.9 | EPSS 0.02517
Exploits: 0 | References: 6
CVE
added 2007/06/29 6:0 p.m. | 44 views

CVE-2007-3491

CVE-2007-3491 concerns a buffer overflow in Progress OpenEdge’s _mprosrv (before 9.1E0422 and before 10.1B01 for 10.x) that can be triggered by a malformed TCP/IP message. The available documents identify the affected component (_mprosrv.exe) and the vulnerable versions, with a remote-access vec...

CVSS 7.5 | AI score 7 | EPSS 0.02517
Exploits: 0 | References: 6 | Affected Software: 1
securityvulns
added 2007/06/28 12:0 a.m. | 30 views

Openedge _mprosrv buffer overflow

There is a potential for a buffer overflow in the database executable mprosrv while reading a TCP/IP message that is incorrectly formatted. To avoid this problem, additional checking has been added to the mprosrv executable that will prevent incorrectly formatted messages from causing buffer...

AI score 4.4
Exploits: 0
CVE
added 2007/06/11 6:0 p.m. | 41 views

CVE-2005-4841

Technical details about CVE-2005-4841 are not publicly available in the provided documents. Monitor for updates from Red Hat, NVD, CVE listings, and related advisories.

CVSS 7.1 | AI score 7 | EPSS 0.09274
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2007/06/11 6:0 p.m. | 29 views

CVE-2005-4841

The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer...

AI score 6.7 | EPSS 0.09274
Exploits: 0 | References: 1
securityvulns
added 2007/05/14 12:0 a.m. | 107 views

Webspeed OpenEdge Dos exploit

Webspeed OpenEdge Dos exploit Bug Discovered By :Eelko Neven Exploit Coded By spyMASter eklimizide koyalm : www.ulpow.net The Eliminators of the Web First you have to find the messenger execution url. For example: http://target/scripts/cgiip.exe/WService=wsbroker1...

AI score 0.4
Exploits: 0
NVD
added 2007/05/04 1:19 a.m. | 21 views

CVE-2007-2506

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...

CVSS 7.8 | AI score 6.7 | EPSS 0.03967
Exploits: 1 | References: 7
Prion
added 2007/05/04 1:19 a.m. | 15 views

Code injection

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...

CVSS 7.8 | AI score 7.3 | EPSS 0.03967
Exploits: 1 | References: 7 | Affected Software: 2
CVE
added 2007/05/04 1:0 a.m. | 51 views

CVE-2007-2506

This CVE concerns WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e and some 9.x variants. The vulnerability allows remote attackers to cause a denial of service (infinite loop and daemon hang) by requesting a messenger URL that calls _edit.r with no additional parameters, demonstr...

CVSS 7.8 | AI score 6.7 | EPSS 0.03967
Exploits: 1 | References: 7 | Affected Software: 2
securityvulns
added 2007/05/02 12:0 a.m. | 53 views

Flaw in about.r OS and Progress version disclosure

about.r OS and Progress version disclosure. Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server. First you have to find the messenger execution url. For example: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1...

AI score 0.9
Exploits: 0
NVD
added 2007/04/30 10:19 p.m. | 20 views

CVE-2007-2354

Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...

CVSS 7.8 | AI score 6.2 | EPSS 0.02038
Exploits: 0 | References: 2
Prion
added 2007/04/30 10:19 p.m. | 22 views

Information disclosure

Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...

CVSS 7.8 | AI score 6.7 | EPSS 0.02038
Exploits: 0 | References: 2
Cvelist
added 2007/04/30 10:0 p.m. | 24 views

CVE-2007-2354

Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...

AI score 6.2 | EPSS 0.02038
Exploits: 0 | References: 2
CVE
added 2007/04/30 10:0 p.m. | 63 views

CVE-2007-2354

CVE-2007-2354 affects Progress Webspeed Messenger. The vulnerability arises from a WService parameter containing “wsbroker1/webutil/about.r” that can disclose operating system and product information to remote attackers, constituting an information-disclosure issue. The connected documents confir...

CVSS 7.8 | AI score 6.2 | EPSS 0.02038
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2007/04/25 8:19 p.m. | 16 views

Code injection

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...

CVSS 10 | AI score 7.9 | EPSS 0.02404
Exploits: 1 | References: 5