unauthorized

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Network Building Mediator

Richards-Zeta Mediator products. This security advisory outlines
details of the following vulnerabilities:

  * Default credentials
  * Privilege escalation
  * Unauthorized information interception
  * Unauthorized information access

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of the listed
vulnerabilities are available.

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

  * Transparent Firewall Packet Buffer Exhaustion Vulnerability
  * Skinny Client Control Protocol (SCCP) Inspection Denial of
    Service Vulnerability
  * Routing Information Protocol (RIP) Denial of Service
    Vulnerability
  * Unauthorized File System Access Vulnerability

These vulnerabilities are independent; a release that is affected by
one vulnerability is not necessarily affected by the others.

Cisco has released free software updates that address these

MITKRB5-SA-2010-006 [CVE-2010-1322] KDC uninitialized pointer crash in authorization data handling

MITKRB5-SA-2010-006

MIT krb5 Security Advisory 2010-006
Original release: 2010-10-05

Topic: KDC uninitialized pointer crash in authorization data handling

CVE-2010-1322

CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C/E:H/RL:OF/RC:C


[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824490
Version: 1

HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05
Last Updated: 2011-05-05

[security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03281867
Version: 1

HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-04-16
Last Updated: 2012-04-16

[security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03281831
Version: 1

HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-04-16
Last Updated: 2012-04-16

Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities

Multiple vulnerabilities exist in the Cisco Application Networking
Manager (ANM) and Cisco Application Control Engine (ACE) Device
Manager applications. These vulnerabilities are independent of each
other. Successful exploitation of these vulnerabilities may result in
unauthorized system or host operating system access.

This security advisory identifies the following vulnerabilities:

  * ACE Device Manager and ANM invalid directory permissions
    vulnerability

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

  * Malformed HTTP or HTTPS authentication response denial of service
    vulnerability
  * SSH connections denial of service vulnerability
  * Crafted HTTP or HTTPS request denial of service vulnerability
  * Crafted HTTP or HTTPS request unauthorized configuration
    modification vulnerability

Cisco has released free software updates that address these
vulnerabilities.


[security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03263573
Version: 1

HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-04-02
Last Updated: 2012-04-02

Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability

Summary
=======

Unified Contact Center and Intelligent Contact Management products
contain a vulnerability that may result in unauthorized access to the
web-based reporting and script monitoring tool (Web View) and the
web-based configuration tool (Web Admin).

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml.

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch

following vulnerabilities:

  * Unauthenticated Java Servlet Access
  * Unauthenticated Arbitrary File Upload
  * Cisco Discovery Protocol Remote Code Execution
  * Unauthorized Servlet Access
  * Java RMI Denial of Service
  * Real-Time Transport Control Protocol Denial of Service
  * XML-Remote Procedure Call (RPC) Denial of Service

Duplicate Issue Identification in Other Cisco TelePresence Advisories

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

the following vulnerabilities:

  * Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability
  * Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability
  * Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability
  * Cisco Wireless LAN Controllers Unauthorized Access Vulnerability


Cisco has released free software updates that address these
vulnerabilities. Workarounds are available that mitigate some of these
vulnerabilities.

Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)

Release mode: Coordinated release


2. *Vulnerability Information*

Class: Authorization bypass, Buffer overflow
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34035
CVE Name: CVE-2009-0836, CVE-2009-0837


Trend micro - IWSVA/IWSS - Authorization module password leak

It is possible to get the username and password from the "Proxy-Authorization" header, which is not correctly removed when the authorization header is sent by WMP.

Requirements:

- IWSVA/IWSS basic authorization on
- Client is using WMP (8-11) as video player
- Standalone proxy (if upstream proxy is used, "Proxy-Authorization" header is removed by this upstream proxy)

Bug:


[security bulletin] HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01682739
Version: 1

HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-03-02
Last Updated: 2009-03-09

[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS

----------------------------------------------------------------------

     (PT-2011-20) Positive Technologies Security Advisory 

      Authorization bypass vulnerability in OneOrZero AIMS

----------------------------------------------------------------------

---[Vulnerable software]


[security bulletin] HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01655638
Version: 1

HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-03-09
Last Updated: 2009-03-09

[security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02171256
Version: 1

HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-05-17
Last Updated: 2010-05-17

[security bulletin] HPSBUX02517 SSRT100058 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02079216
Version: 1

HPSBUX02517 SSRT100058 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-04-19
Last Updated: 2010-04-19

[security bulletin] HPSBOV02506 SSRT090244 rev.1 - HP Secure Web Server for OpenVMS (based on Apache) CSWS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification of Information

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02002308
Version: 1

HPSBOV02506 SSRT090244 rev.1 - HP Secure Web Server for OpenVMS (based on Apache) CSWS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-03-23
Last Updated: 2010-03-23

[security bulletin] HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02079216
Version: 1

HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-04-13
Last Updated: 2010-04-13

[security bulletin] HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824483
Version: 1

HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05
Last Updated: 2011-05-05

[security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03005726
Version: 1

HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-09-12
Last Updated: 2011-09-12

Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass Vulnerability


Cisco Security Advisory: 
Cisco IOS Secure Copy Authorization Bypass Vulnerability

Advisory ID: cisco-sa-20070808-scp

http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml


Cisco Secure ACS Denial Of Service Vulnerability

unexpectedly". In the Cisco ACS Reports and Activity tab, under ACS
Service Monitoring, the logs will indicate CSAuth is not running and
attempts to restart.

The CSRadius service handles communication between the service for
authentication and authorization (CSAuth service) and the access
device requesting the authentication and authorization services for
RADIUS.

Continued exploitation of this vulnerability will prevent Cisco
Secure ACS from processing all authentication and authorization

[security bulletin] HPSBUX02464 SSRT090210 rev.1 - HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local Unauthorized Access

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01894850
Version: 1


[security bulletin] HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02282388
Version: 1

HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-07-12
Last Updated: 2010-07-12

Multiple vulnerabilities in XAMPP (advisories #3 and #4)

Selected table.

SQL Injection:

Attack is conducted during access to admin panel of XAMPP - via
above-mentioned Insufficient Authorization vulnerability or via Insufficient
Authorization vulnerability which was found earlier, which I wrote about
(http://websecurity.com.ua/3220/).

At page http://site/xampp/adodb.php


White Wolf Labs #080826-1: Kyocera Mita Scanner File Utility (Multiple)

Summary:

     Kyocera Mita multifunction devices come with the ability to scan to 
the user's desktop. Part of the solution requires a listener at the 
PC/Mac, which handles authorization and document upload. This listener 
has several logic bugs and, as a result, the authorization can be 
bypassed, files can be uploaded, auditing can be spoofed, and the 
storage location can be altered from the configured value.

Details:

MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]

CVE-2010-4020

MIT krb5 (releases krb5-1.8 and newer) incorrectly accepts RFC 3961
key-derivation checksums using RC4 keys when verifying AD-SIGNEDPATH
and AD-KDC-ISSUED authorization data.

CVE-2010-4021

MIT krb5 KDC (release krb5-1.7 only) may issue tickets not requested
by a client, based on an attacker-chosen KrbFastArmoredReq.

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
