978 matches found
ASPR #2011-02-11-1: Remote Binary Planting in Adobe Reader
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2011-02-11-1 ------------------------------------------------------------------------- ASPR 2011-02-11-1: Remote Binary Planting in Adobe Reader...
CVE-2010-4429
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505...
Code injection
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505...
CVE-2010-4429
Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505...
CVE-2010-4600
Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue...
CVE-2010-4602
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark...
CVE-2010-4602
IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 contains a web client vulnerability that allows remote authenticated users to bypass the “restricted user” restrictions and read arbitrary records by modifying the record number in the URL for a RECORD action (e.g., via a b...
CVE-2010-4602
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark...
CVE-2010-4600
CVE-2010-4600 affects IBM Rational ClearQuest Web Client using Dojo Toolkit: versions 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 expose cookie data to remote attackers who navigate to a Dojo file via an related “open direct” issue. The vulnerability is an information disclosure in the Dojo...
ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2010-11-10-3 ------------------------------------------------------------------------- ASPR 2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010...
Web Client Detection
Binary data 5697.prm...
Serv-U < 10.2.0.0
According to its banner, the installed version of Serv-U is earlier than 10.2.0.0 and is, therefore, potentially affected by the following issues : - It is possible to create a directory, when using virtual paths and various combinations of permissions, where the end-user does not have permission...
ACROS Security: Remote Binary Planting in Apple iTunes for Windows (ASPR #2010-08-18-1)
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2010-08-18-1 ------------------------------------------------------------------------- ASPR 2010-08-18-1: Remote Binary Planting in Apple iTunes for Windows...
Serv-U < 10.2.0.0 Multiple Vulnerabilities
Binary data 5635.prm...
httpd: Expect header XSS
httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...
Wing FTP Server < 3.6.1 Multiple Flaws
According to its banner, the remote host is running a version of Wing FTP Server earlier than 3.6.1. Such versions are reportedly affected by multiple issues : - An unspecified issue in the SSH implementation could allow an authenticated attacker to trigger a denial of service condition. - An...
CVE-2009-4873
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service server crash or execute arbitrary code via a long Session cookie...
CVE-2009-4873
CVE-2009-4873 describes a stack-based buffer overflow in the HTTP server of Rhino Software Serv-U Web Client 9.0.0.5, exploitable via a long Session cookie to cause a denial of service or arbitrary code execution. Multiple connected sources confirm the vulnerability, with OpenVAS and Nessus notin...
ACROS Security: Remote Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-1)
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2010-04-12-1 ------------------------------------------------------------------------- ASPR 2010-04-12-1: Remote Binary Planting in VMware Tools for Windows...
Rhino Software Serv-U Web Client HTTP Request Remote Buffer Overflow
A code execution vulnerability exists in Rhino Software Serv-U. The vulnerability is due to a buffer overflow that can occur when Servu-U Web Client handles overly large HTTP requests. Remote attackers could exploit this vulnerability by sending a malicious HTTP request to a vulnerable version of...