7575 matches found
Vulnerability Note VU#261869
Vulnerability Note VU#261869: Clientless SSL VPN products break web browser domain-based security models. Overview: Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...
Real World Security: Ed Bellis on Web-based Business and Software Security
Dennis Fisher talks with Ed Bellis, CISO of Orbitz Worldwide, about the security challenges facing a Web-based business, the value of software security initiatives and the joys of compliance in today’s regulatory environment. Read the transcript...
Real World Security – Ed Bellis interview
Dennis Fisher talks with Ed Bellis, CISO of Orbitz Worldwide, about the security challenges facing a Web-based business, the value of software security initiatives and the joys of compliance in today’s regulatory environment. Listen to the podcast: Read the transcript...
GForge Detection
The remote host is running GForge, an open source web-based project-management and collaboration software. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(42963); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");...
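Mozilla Bugzilla bug alias information disclosure vulnerability
Bugtraq ID: 37062 CVE ID: CVE-2009-3386 Mozilla Bugzilla is a web-based bug tracking system. Mozilla Bugzilla contains an error when displaying the aliases of restricted bugs in the "Depends On" or "Blocks" lists, which can lead to disclosure of sensitive information. When a bug belongs to a group, all of its information is supposed to be invisible to users outside that group. However, a vulnerability allows the aliases of restricted bugs in the "Depends On" or "Blocks" lists (very short strings used as shortcuts for looking up a bug) to be shown to users outside the group, exposing sensitive information. Mozilla Bugzilla 3.5.1 Mozilla Bugzill...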
Update Protection against HP Power Manager Remote Code Execution
A remote code execution vulnerability exists within HP Power Manager, a web-based application for managing a HP Uninterruptible Power System UPS. The vulnerability is due to insufficient bounds checking in the HP Power Manager while processing URL parameters in the login form of the web based...
Microsoft Security Bulletin MS09-065 - Critical Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
Microsoft Security Bulletin MS09-065 - Critical Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution 969947 Published: November 10, 2009 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in the...
HP Power Manager Remote Code Execution
Added: 11/06/2009 CVE: CVE-2009-2685 BID: 36933 OSVDB: 59684 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A stack-based buffer overflow in the HP Power Manager management web server allows...
ViewVC Detection
The remote host is running ViewVC, a web-based tool for browsing CVS and Subversion repositories. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(42347); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");...
OpenDocMan 1.2.5 xss SQL injection
No description provided by source. Security Advisory : Multiple vulnerabilities in OpenDocMan Discovered by == Amol Naik amolnaik4atgmail.com Overview -------------- OpenDocMan is a free document management system DMS designed to comply with ISO 17025 and OIE standard for document management. It...
OpenDocMan 1.2.5 xss, SQL injection
Exploit for unknown platform in category web applications =================================== OpenDocMan 1.2.5 xss, SQL injection =================================== Security Advisory : Multiple vulnerabilities in OpenDocMan Overview -------------- OpenDocMan is a free document management system...
[SECURITY] Fedora 10 Update: phpMyAdmin-3.2.2.1-1.fc10
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
Achievo < 1.4.0 Multiple Vulnerabilities
Binary data 5208.prm...
Achievo <= 1.3.4 xss
Exploit for unknown platform in category web applications ==================== Achievo = 1.3.4 xss ==================== Multiple XSS in Achievo 1. Advisory Information Title: Multiple XSS in Achievo Vendors contacted: Achievo Release mode: Coordinated release 2. Vulnerability Information Class:...
Achievo 1.3.4 - SQL Injection
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt Date published:...
Achievo <= 1.3.4 SQL Injection
Exploit for unknown platform in category web applications ============================== Achievo = 1.3.4 SQL Injection ============================== 1. Vulnerability Information Class: SQL Injection Remotely Exploitable: Yes Locally Exploitable: Yes CVE Name: CVE-2009-2734 2. Software Descriptio...
Google Apps googleapps.url.mailto handler command injection
Added: 10/13/2009 BID: 36581 Background Google Apps is a web-based productivity suite hosted by Google. Problem Google Apps handles googleapps.url.mailto URLs by passing the URL as a command-line argument to the googleapps.exe program without sufficiently validating the URL. This allows command...
[SECURITY] [DSA 1901-1] New mediawiki1.7 packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1901-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano October 05, 2009 http://www.debian.org/security/faq -...
Mozilla Releases Preview Builds of Firefox with Content Security Policy
Mozilla has released a preview build of Firefox that includes its new Content Security Policy specification, a framework that’s designed to enable site owners to protect against common Web-based attacks. The CSP specification is Mozilla’s effort to provide Web site operators with a simpler way to...