siteminder software vulnerabilities
vulnerabilities.aspcode.net
Searching siteminder software vulnerabilities
siteminderagent/SmMakeCookie.ccc in Netegrity S
siteminderagent/SmMakeCookieccc
|
redirection
|
referenced
|
SiteMinder
|
parameter
|
attackers
|
construct
|
Netegrity
|
arbitrary
|
visiting
|
resource
|
allows
|
remote
|
TARGET
|
ensure
|
might
|
users
|
trick
|
valid
|
which
|
names
|
site
|
does
|
into
|
web
|
URL
|
not
|
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
siteminderagent/SmMakeCookie.ccc in Netegrity S
siteminderagent/SmMakeCookieccc
|
SiteMinder
|
SMSESSION
|
parameter
|
attackers
|
Netegrity
|
sniffing
|
Referer
|
reading
|
session
|
methods
|
string
|
obtain
|
remote
|
places
|
other
|
which
|
value
|
allow
|
might
|
logs
|
URL
|
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
Heap-based buffer overflow in SiteMinder Affili
SiteMinder
|
Heap-based
|
SMPROFILE
|
attackers
|
arbitrary
|
Affiliate
|
overflow
|
execute
|
cookie
|
buffer
|
allows
|
remote
|
large
|
Agent
|
code
|
via
|
Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.
Cross-site scripting (XSS) vulnerability in Com
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
Software vulnerabilities results 1 to 5 of 5
Page:
1