377 matches found
Internet Gateway Device WAN Interface UPnP Access
Nessus was able to add 'port mappings' to the remote IGD router by sending a SOAP request to its external interface. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid35710; scriptversion"$Revision: 1.8 $"; scriptcvsdate"$Date: 2016/10/13 15:15:41 $";...
CVE-2008-4478
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted 1 Content-Length header in a SOAP request or 2 Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer...
Integer overflow
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted 1 Content-Length header in a SOAP request or 2 Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer...
Heap overflow
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header...
CVE-2008-4478
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted 1 Content-Length header in a SOAP request or 2 Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer...
CVE-2008-4479
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header...
CVE-2008-4479
Novell eDirectory is affected by CVE-2008-4479 due to a heap-based buffer overflow in dhost.exe when processing SOAP requests with an overly long Accept-Language header. A remote attacker can execute arbitrary code with SYSTEM/root privileges on affected installations. Vulnerable versions include...
Code injection
Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service stamp invalidation via a SOAP request with an id value for a stamp that has not yet been printed...
CVE-2007-3871
Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service stamp invalidation via a SOAP request with an id value for a stamp that has not yet been printed...
CVE-2007-3871
Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service stamp invalidation via a SOAP request with an id value for a stamp that has not yet been printed...
php make_http_soap_request flaw
Buffer overflow in the makehttpsoaprequest function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" slash characters...
php make_http_soap_request flaw
Buffer overflow in the makehttpsoaprequest function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" slash characters...
Command injection
Adobe Graphics Server 2.0 and 2.1 formerly AlterCast and Adobe Document Server ADS 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the 1 saveContent...
CVE-2006-1182
Adobe Graphics Server 2.0 and 2.1 formerly AlterCast and Adobe Document Server ADS 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the 1 saveContent...
CVE-2006-1182
Adobe Graphics Server 2.0 and 2.1 formerly AlterCast and Adobe Document Server ADS 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the 1 saveContent...
CVE-2006-1182
Adobe Graphics Server 2.x and Adobe Document Server (ADS) 5.x/6.x are affected by CVE-2006-1182. A crafted SOAP request to the AlterCast web service can invoke saveContent, saveOptimized ADS, or loadContent commands to read files with certain extensions, overwrite arbitrary files, or execute code...
NETGEAR FM114P ProSafe Wireless Router - Rule Bypass
NETGEAR FM114P ProSafe Wireless Router - Rule Bypass source: https://www.securityfocus.com/bid/7270/info The Netgear FM114P allows certain ports to be blocked, both for external users attempting to enter the local network and for local users connecting to the WAN. If Remote Access and Universal...