CyberSecurityBoard
Sponsor Register Login

CVE-2008-5420

The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. http://secunia.com/advisories/32801 Apply Patches: EMC ControlCenter v 5.x: Update to version 5.2 SP5 Patch 4433. EMC ControlCenter v 6.x: Update to version 6.0 Patch 4434.

Publication date: Wed, 10 Dec 2008 20:00:00 +0000


Cyber News related to CVE-2008-5420

CVE-2008-5420 - The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. http://secunia.com/advisories/32801 ...
6 years ago
CVE-2016-7141 - curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file ...
6 years ago
CVE-2019-5420 - A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails ...
3 years ago
CVE-2014-5420 - CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors. ...
10 years ago
CVE-2006-5420 - Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. Upgrade to 6.2.3 ...
7 years ago
CVE-2013-5420 - The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request. ...
7 years ago
CVE-2017-5420 - A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. ...
6 years ago
CVE-2007-5420 - The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's ...
6 years ago
CVE-2001-1037 - Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. ...
6 years ago
CVE-2001-1038 - Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. ...
6 years ago
CVE-2002-1597 - Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface. ...
6 years ago
CVE-2002-1595 - Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization. ...
6 years ago
CVE-2002-1596 - Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers. ...
6 years ago
CVE-2016-5420 - curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a ...
6 years ago
CVE-2015-5420 - Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. ...
5 years ago
CVE-2018-10488 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ...
5 years ago
CVE-2020-5420 - Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the ...
4 years ago
CVE-2018-21054 - An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is ...
1 year ago
CVE-2018-5420 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none ...
54 years ago Tenable.com
CVE-2024-5420 - Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 ...
5 months ago
CVE-2024-36968 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2008-1378 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2360, CVE-2008-2361, CVE-2008-2362. Reason: This candidate has been withdrawn by its CNA. It was SPLIT into separate candidates before publication. Notes: All CVE users should ...
54 years ago Tenable.com
CVE-2008-2617 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2615 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2621 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)