973 matches found
CVE-2002-2409
Photon microGUI in QNX Neutrino realtime operating system RTOS 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID...
Airkiosk/formlib application is XSS vuln
In the last week I've found a XSS vuln into the Sutra's Airkiosk application for the realtime distribution of flights/booking and check-in interface www.airkiosk.com. The XSS is possible because they are using a VULN/OLD formlib.pl in their application that permits to execute any JavaScript you...
securityreporter-traverse.txt
SECURITYREPORTER - AUTHENTICATION BYPASS AND DIRECTORY TRAVERSAL VULNERABILITY Product: SecurityReporter Version: 4.6.3 Build Date: 04/20/2007 Platform: Win32 Vendor: Secure Computing www.securecomputing.com Product Description ------------------- "SecurityReporter is a security event analysis an...
[Full-disclosure] Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability
SECURITYREPORTER - AUTHENTICATION BYPASS AND DIRECTORY TRAVERSAL VULNERABILITY Product: SecurityReporter Version: 4.6.3 Build Date: 04/20/2007 Platform: Win32 Vendor: Secure Computing www.securecomputing.com Product Description ------------------- "SecurityReporter is a security event analysis an...
Ignite Realtime Openfire未明特权提升漏洞
Ignite Realtime Openfire是一款实时协作服务程序。 Ignite Realtime Openfire存在多个问题,远程攻击者可以利用漏洞提升特权。 漏洞允许恶意用户通过内置的管理控制台上传代码到Openfire而执行任意指令。目前没有详细漏洞细节提供。 Ignite Realtime Openfire 3.3 升级程序: Ignite Realtime Openfire 3.3 Ignite Realtime openfire-3.3.1-1.i386.rpm...
CVE-2007-2975
The admin console in Ignite Realtime Openfire 3.3.0 and earlier formerly Wildfire does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...
Design/Logic Flaw
The admin console in Ignite Realtime Openfire 3.3.0 and earlier formerly Wildfire does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...
CVE-2007-2975
The admin console in Ignite Realtime Openfire 3.3.0 and earlier formerly Wildfire does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...
CVE-2007-2975
CVE-2007-2975 affects Ignite Realtime Openfire 3.3.0 and earlier (Wildfire). The root cause is an improper filter mapping specification in web.xml for the admin console, allowing remote attackers to gain privileges and execute arbitrary code via functionality exposed through DWR (demonstrated usi...
solaris/sparc connect-back (with XNOR encoded session) 600 bytes
No description provided by source. / black-RXenc-con-back-SOLARIS.c MIPS This is a relitivly small 600 byte shellcode that encodes all network trafic between the exploited process and the attacker. All clear-text shell i/o is encoded using a simple NOT algo before being transmitted on the wire...
[Full-disclosure] iDefense Security Advisory 02.07.06: QNX RTOS 6.3.0 rc.local Insecure File Permissions Vulnerability
QNX RTOS 6.3.0 rc.local Insecure File Permissions Vulnerability iDefense Security Advisory 02.07.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=387 February 7, 2006 I. BACKGROUND QNX Software Systems Ltd.'s Neutrino RTOS QNX is a real-time operating system designed for use...
CVE-2002-2039
/bin/su in QNX realtime operating system RTOS 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV invalid memory reference signal...
CVE-2002-2041
Multiple buffer overflows in realtime operating system RTOS 6.1.0 allows local users to execute arbitrary code via 1 a long ABLANG environment variable in phlocale or 2 a long -u option to pkg-installer...