netegrity software vulnerabilities
vulnerabilities.aspcode.net
Searching netegrity software vulnerabilities
siteminderagent/SmMakeCookie.ccc in Netegrity S
siteminderagent/SmMakeCookieccc
|
redirection
|
referenced
|
SiteMinder
|
parameter
|
attackers
|
construct
|
Netegrity
|
arbitrary
|
visiting
|
resource
|
allows
|
remote
|
TARGET
|
ensure
|
might
|
users
|
trick
|
valid
|
which
|
names
|
site
|
does
|
into
|
web
|
URL
|
not
|
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
siteminderagent/SmMakeCookie.ccc in Netegrity S
siteminderagent/SmMakeCookieccc
|
SiteMinder
|
SMSESSION
|
parameter
|
attackers
|
Netegrity
|
sniffing
|
Referer
|
reading
|
session
|
methods
|
string
|
obtain
|
remote
|
places
|
other
|
which
|
value
|
allow
|
might
|
logs
|
URL
|
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
Software vulnerabilities results 1 to 4 of 4
Page:
1