1883 matches found
CVE-2007-2417
Heap-based buffer overflow in mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE:...
[Full-disclosure] TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability
TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-07-12.html July 12, 2007 -- CVE ID: CVE-2007-2417 -- Affected Vendor: Progress Software -- Affected Products: RSA Authentication Manager Progress Database -- TippingPointTM IPS...
Progress database server buffer overflow
Buffer overflow in network service TCP/5220, TCP/5230. Progress is installed by diffgerent RSA products...
CVE-2007-3491
Buffer overflow in mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message...
Buffer overflow
Buffer overflow in mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message...
CVE-2007-3491
Buffer overflow in mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message...
CVE-2007-3491
CVE-2007-3491 concerns a buffer overflow in Progress OpenEdge’s _mprosrv (before 9.1E0422 and before 10.1B01 for 10.x) that can be triggered by a malformed TCP/IP message. The available documents identify the affected component (_mprosrv.exe) and the vulnerable versions, with an remote-access vec...
Openedge _mprosrv buffer overflow
There is a potential for a buffer overflow in the database executable mprosrv while reading a TCP/IP message that is incorrectly formatted. To avoid this problem, additional checking has been added to the mprosrv executable that will prevent incorrectly formatted messages from causing buffer...
CVE-2005-4841
Technical details about CVE-2005-4841 are not publicly available in the provided documents. Monitor for updates from Red Hat, NVD, CVE listings, and related advisories.
CVE-2005-4841
The Outlook Progress Ctl control allows remote attackers to cause a denial of service Internet Explorer crash by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer...
Webspeed OpenEdge Dos exploit
Webspeed OpenEdge Dos exploit Bug Discovered By :Eelko Neven Exploit Coded By spyMASter eklimizide koyalm : www.ulpow.net The Eliminators of the Web First you have to find the messenger execution url. For example: http://target/scripts/cgiip.exe/WService=wsbroker1...
CVE-2007-2506
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...
Code injection
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...
CVE-2007-2506
This CVE concerns WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e and some 9.x variants. The vulnerability allows remote attackers to cause a denial of service (infinite loop and daemon hang) by requesting a messenger URL that calls _edit.r with no additional parameters, demonstr...
Flaw in about.r OS and Progress version disclosure
about.r OS and Progress version disclosure. Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server. First you have to find the messenger execution url. For example: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1...
CVE-2007-2354
Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...
Information disclosure
Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...
CVE-2007-2354
Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...
CVE-2007-2354
CVE-2007-2354 affects Progress Webspeed Messenger. The vulnerability arises from a WService parameter containing “wsbroker1/webutil/about.r” that can disclose operating system and product information to remote attackers, constituting an information-disclosure issue. The connected documents confir...
Code injection
Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to 1 cgiip.exe or 2 wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...