492 matches found
CVE-2009-4511
Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server VCS before X5.1 allow remote authenticated users to read arbitrary files via a .. dot dot in the page parameter to 1 helppage.php or 2 user/helppage.php...
CVE-2009-4511
The CVE-2009-4511 issue affects TANDBERG Video Communication Server (VCS). It is a directory traversal flaw in the web management interface (two scripts: helppage.php and user/helppage.php) that an authenticated administrator or lower-privilege user could exploit to read arbitrary files on the ap...
CVE-2009-4509
The TANDBERG Video Communication Server (VCS) web management interface in versions around x4.2.1 (and possibly earlier) uses forged/predictable session cookies in tandberg/web/lib/secure.php and tandberg/web/user/lib/secure.php, enabling an unauthenticated attacker to bypass authentication and po...
CVE-2010-1355
The CVE-2010-1355 entry concerns a Cross-site Scripting (XSS) vulnerability in the TANDBERG Video Communication Server (VCS) prior to X5.0. The connected sources confirm the affected product and that the vulnerability is XSS with unspecified vectors, allowing remote attackers to inject arbitrary ...
Tandberg VCS Arbitrary File Retrieval
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Arbitrary File Retrieval Release Date:...
Sql injection
DISPUTED SQL injection vulnerability in VCS Virtual Program Management Intranet VPMi Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely fr...
CVE-2006-0897
SQL injection vulnerability in VCS Virtual Program Management Intranet VPMi Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2006-0897
SQL injection vulnerability in VCS Virtual Program Management Intranet VPMi Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2006-0897
SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 via the UpdateID0 parameter to Service_Requests.asp. The vendor disputes the issue, citing a protected state-management system, while third-party sources suggest the original researcher may have triggered...
[Full-disclosure] DMA[2005-1112a] - 'Veritas Storage Foundation VCSI18N_LANG buffer overflow'
DMA2005-1112a - 'Veritas Storage Foundation VCSI18NLANG buffer overflow' Author: Kevin Finisterre Vendor: http://www.Veritas.com Product: 'Veritas Cluster Server for UNIX' References: http://www.digitalmunition.com/DMA2005-1112a.txt http://www.symantec.com/avcenter/security/Content/2005.11.08a.ht...
CVE-2002-1817
Technical details for CVE-2002-1817 are not publicly available in the provided documents. Monitor for updates.
CVE-2001-0287
The vulnerability CVE-2001-0287 affects VERITAS Cluster Server (VCS) 1.3.0 on Solaris. A local user can trigger a denial of service (system panic) by using the -L option to the lltstat command. The available connected sources corroborate the affected product/version and the vulnerable user action...