
CVSS: 7.1, EPSS: 0%, CPEs: 2, EXPL: 0

The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files.

http://secunia.com/advisories/30135
http://secunia.com/secunia_research/2008-19/advisory
http://securityreason.com/securityalert/3930
http://www.securityfocus.com/archive/1/493169/100/0/threaded
http://www.securityfocus.com/archive/1/493170/100/0/threaded
http://www.securitytracker.com/id?1020208
http://www.vupen.com/english/advisories/2008/1761/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42895

CWE-287: Improper Authentication
CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.1, EPSS: 13%, CPEs: 1, EXPL: 0

Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request.

http://osvdb.org/37317
http://secunia.com/advisories/25697
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5004900.html
http://www.kb.cert.org/vuls/id/578105
http://www.securityfocus.com/bid/24489
http://www.vupen.com/english/advisories/2007/2221
https://exchange.xforce.ibmcloud.com/vulnerabilities/34878
https://secure-support.novell.com/KanisaPlatform/Publishing/23/3008097_f.SAL_Public.html