628 matches found
CVE-2011-1321
The CVE concerns IBM WebSphere Application Server (WAS) where the AuthCache purge in the Security component fails to purge a user from the PlatformCredential cache. Affected products/versions are WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15. Root cause: the purge does not remove the user f...
CakePHP 1.3.5/1.2.8 - 'Unserialize()' File Inclusion
Source: http://securityreason.com/securityalert/8026 CakePHP data; $token = urldecode$check'Token''fields'; if strpos$token, ':' list$token, $locked = explode':', $token, 2; $locked = unserializestrrot13$locked; -- snip -- The $check array contains our POST data and $locked is a simple rot-13...
CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
$Id: cakephpcachecorruption.rb 11074 2010-11-19 20:43:56Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVE-2010-3738
The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute...
CVE-2010-3739
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection aka CONNECT and AUTHENTICATION events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers...
CVE-2010-3739
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection aka CONNECT and AUTHENTICATION events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers...
Ubuntu Update for thunderbird regression USN-927-3
Ubuntu Update for Linux kernel vulnerabilities USN-927-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN9273.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for thunderbird regression USN-927-3 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
USN-927-2: NSS regression
USN-927-1 fixed vulnerabilities in NSS. Upstream NSS 3.12.6 added an additional checksum verification on libnssdbm3.so, but the Ubuntu packaging did not create this checksum. As a result, Firefox could not initialize the security component when the NSS Internal FIPS PKCS 11 Module was enabled. Th...
WebSphere 6.1.0.23 安全组件logoutExitPage导致url重定向等多个漏洞
No description provided by source...
IBM DB2 8.1 < Fix Pack 18 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 8.1 running on the remote host is affected by one or more of the following issues : - A local attacker may be able to gain write access to an arbitrary file using DAS, which could lead to gaining root privileges. IZ34149 - It may be possible t...
Memory corruption
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service memory consumption via unspecified vectors, related to private memory within the DB2 memory structure...
CVE-2009-1901
The Security component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors...
Microsoft ISA Server和Forefront TMG拒绝服务漏洞(MS09-016)
BUGTRAQ ID: 34414 CVECAN ID: CVE-2009-0077 Microsoft ISA Server和Forefront TMG都是微软产品家族中的安全组件,可提供防火墙、安全网关等功能。 防火墙引擎在为Web代理或者Web发布监听器处理TCP状态的方式可能会留下孤儿开放会话,这允许远程用户导致Web监听器停止响应新请求。 Microsoft ISA Server 2006可支持性升级 Microsoft ISA Server 2006 SP1 Microsoft ISA Server 2006 Microsoft ISA Server 2004 SP3...
Microsoft ISA Server和Forefront TMG跨站脚本漏洞(MS09-016)
BUGTRAQ ID: 34416 CVECAN ID: CVE-2009-0237 Microsoft ISA Server和Forefront TMG都是微软产品家族中的安全组件,可提供防火墙、安全网关等功能。 ISA Server或Forefront TMG中的HTML表单认证组件cookieauth.dll没有正确地对HTTP流执行输入验证,允许恶意脚本代码扮演为运行cookieauth.dll的服务器在其他用户的设备上运行,导致跨站脚本攻击。 Microsoft ISA Server 2006可支持性升级 Microsoft ISA Server 2006 SP1...
Trend Micro产品网络安全组件模块多个安全漏洞
BUGTRAQ ID: 33358 CVECAN ID: CVE-2008-3864,CVE-2008-3865,CVE-2008-3866 Trend Micro病毒扫描引擎为桌面、服务器和网关提供杀毒功能。 各种Trend Micro产品所捆绑的网络安全组件(NSC)模块中存在多个漏洞,允许本地用户导致拒绝服务、获得权限提升或控制防火墙设置。 1 防火墙服务(TmPfw.exe)的ApiThread函数在处理发送给该服务(默认40000/TCP端口)的报文时存在堆溢出漏洞,在大小字段中包含有较小值的报文可以触发这个溢出,大小字段中包含有超长值会导致服务崩溃。 2 Trend Micr...
CVE-2008-3864
The ApiThread function in the firewall service aka TmPfw.exe in Trend Micro Network Security Component NSC modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service service crash via a packet with...
CVE-2008-3866
Affected product : Trend Micro OfficeScan NSC components (TmPfw.exe) used in OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007/2008 (17.0.1224). Vulnerability : The Personal Firewall service relies on client-side password protection in the configuration GUI, but this check is not enforced by ...
CVE-2008-3865
Multiple heap-based buffer overflows in the ApiThread function in the firewall service aka TmPfw.exe in Trend Micro Network Security Component NSC modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary...
CVE-2008-4679
The Web Services Security component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists CRL, does not call the setRevocationEnabled method on the PKIXBuilderParameters object,...
CVE-2008-3235
Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server WAS 5.1 before 5.1.1.19 has unknown impact and attack vectors...