484 matches found
MyNews 1.2 'basepath' Parameter Multiple Remote File Include Vulnerabilities
MyNews 1.2 is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive information or to execute arbitrary script code in the context of the Web server...
Important: Red Hat Security Advisory: jbossws-common security update
An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.1 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring...
StarDevelop LiveHelp 2.0 - index.php Local File Inclusion
source: https://www.securityfocus.com/bid/49650/info StarDevelop LiveHelp is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to obtain...
AR Web Content Manager <= 2.2 Multiple Directory Traversal Vulnerabilities - Active Check
AR Web Content Manager (AWCM) is prone to multiple directory traversal vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Debian DSA-2168-1 : openafs - several vulnerabilities
Two vulnerabilities were discovered in the distributed filesystem AFS: - CVE-2011-0430 Andrew Deason discovered that a double free in the Rx server process could lead to denial of service or the execution of arbitrary code. - CVE-2011-0431 It was discovered that insufficient error handling in the...
CVE-2011-0430
Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors...
Important: Red Hat Security Advisory: jbossweb security update
Updated jbossweb packages that fix one security issue are now available for JBoss Enterprise Web Platform 5 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score,...
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Alt-N WebAdmin is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks. The following...
QuickPHP 'index.php' Remote Source Code Disclosure Vulnerability
QuickPHP is prone to a remote source-code-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks. QuickPHP 1.10.0 is...
Alt-N WebAdmin 3.3.3 - Remote Source Code Information Disclosure
source: https://www.securityfocus.com/bid/45476/info Alt-N WebAdmin is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to...
SmartOptimizer - Null Character Remote Information Disclosure
source: https://www.securityfocus.com/bid/44578/info SmartOptimizer is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process...
Mongoose Slash Character Remote File Disclosure Vulnerability
Mongoose is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process, which may aid in further attacks. This issue affects Mongoose 2....
Openwsman HTTP Basic Authentication Buffer Overflow (CVE-2008-2234)
Openwsman is an implementation of the Web Services Management (WS-Management) specification. It uses the WS-Management protocol, which is a SOAP-based protocol using HTTP for exchange of information related to management of devices and applications in a platform-independent manner. There exists a stack...
nginx Space String Remote Source Code Disclosure Vulnerability
nginx is prone to a remote source-code-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process, which may aid in further attacks. This issue affects nginx...
Squid Proxy HTCP Packet Processing Denial of Service (CVE-2010-0639)
The Squid proxy server is a popular open source, Internet proxy and web caching application. It supports various network protocols such as HTTP, FTP, SSL, DNS, and HTCP. A denial of service vulnerability has been reported in Squid Proxy. The vulnerability is due to a NULL pointer dereference when...
Mongoose 2.8 - Space String Remote File Disclosure
source: https://www.securityfocus.com/bid/38145/info Mongoose is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process, which may a...
Simple PHP Blog 0.5.1 - Local File Inclusion
Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may...
Novell eDirectory HTTP Request Content-Length Heap Buffer Overflow (CVE-2008-4478)
Novell eDirectory is an X.500 and LDAP compatible directory server intended for use as a part of an identity management solution. The product is made available for multiple platforms including NetWare, Unix-like systems, and Windows. There exists a heap buffer overflow vulnerability in Novell...
Oracle Database DBMS_SNAP_INTERNAL Package Buffer Overflow (CVE-2007-2170)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
nginx HTTP Request Header Remote Buffer Overflow
Binary data 5216.prm...