Showing 26 - 30 of 30

Files from Rapid7

Rapid7 Security Advisory 9: Posted Dec 16, 2002; Authored by Rapid7 | Site rapid7.com; Rapid 7 Security Advisory - SSH servers and clients from several vendors contain vulnerabilities in the greeting and key-exchange-initialization phases of the SSHv2 transport layer that allow denial of service attacks and/or arbitrary code execution. OpenSSH, SecureCRT, and LSH are not affected - vulnerable versions include F-Secure 3.1.0 and below for unix and v5.2 and below for Windows, SSH 3.2.2 and below for windows and unix, putty v0.53 and below, WinSCP 2.0.0 and below, and more.; tags | advisory, denial of service, arbitrary, vulnerability, code execution; systems | windows, unix; SHA-256 | 4e0095d93035f5f570e62c687c4ba8324db7f74b95ef0d6aad64c3c1651a3e9c; Download | Favorite | View

Rapid7 Security Advisory 8: Posted Oct 25, 2002; Authored by Rapid7 | Site rapid7.com; Rapid 7 Advisory R7-0008 - IBM Web Traffic Express Caching Proxy server is vulnerable to cross site scripting. The Caching Proxy server allows script code to be injected into pages using standard cross-site scripting techniques. A second, variant attack allows the HTTP headers to be manipulated.; tags | web, xss; SHA-256 | 2b24d3cf784653c24b81047d80228ae940e783257cf9ce49567fa86d564bdaeb; Download | Favorite | View

Rapid7 Security Advisory 7: Posted Oct 25, 2002; Authored by Rapid7 | Site rapid7.com; Rapid 7 Advisory R7-0007 - The Caching Proxy component of IBM's WebSphere Edge Server v2.0 is vulnerable to a denial-of-service attack against one of the default CGI programs. A malformed HTTP request for /cgi-bin/helpout.exe will cause ibmproxy.exe to crash and cease functioning.; tags | web, cgi; SHA-256 | d5444f4faa351e594a4559c2bf2fb5cf0491766c5ae89f6adfc2ce7c94802ffe; Download | Favorite | View

Rapid7 Security Advisory 6: Posted Oct 10, 2002; Authored by Rapid7 | Site rapid7.com; Rapid 7 Advisory R7-0006 - Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service. Oracle 8i (8.1.x), Oracle 9i Release 1 (9.0.x), and Oracle 9i Release 2 (9.2.x) can be crashed via the SERVICE_CURLOAD command. Fix available here.; tags | denial of service; advisories | CVE-2002-1118; SHA-256 | c3f7eb6deb3d0642c420524eaf6a2d34915d5bfd56f39c76f63c3b9b6b262ccb; Download | Favorite | View

Rapid7 Security Advisory 5: Posted Sep 9, 2002; Authored by Rapid7 | Site rapid7.com; Rapid 7 Advisory R7-0005 - Granite Software ZMerge Administration Database Has Insecure Default ACLs. In the default configuration, the ZMerge administration database grants Manager access to all users (including anonymous web users). If the administrator neglects to change the database ACLs to something more appropriate, an unauthorized user could modify the data import/export scripts which might then be run by an administrator or scheduled agent.; tags | web; SHA-256 | fca3273915d5d225f6ed4dc2ee16b9d6643cd52d21160ebe5fc11fc9524bc748; Download | Favorite | View

Page 2 of 2 Back 1 2 Next

Top Authors In Last 30 Days