Computer Security
[EN] securityvulns.ru no-pyccku


Sun ONE Web server crossite scripting
Published:20.05.2006
Source:
SecurityVulns ID:6165
Type:remote
Threat Level:
5/10
Description:Crossite scripting on URL with quote sign.
Affected:SUN : Sun Java System Application Server 7
 SUN : Sun ONE Web Server 6.0
 SUN : Sun Java System Web Server 6.1
 SUN : Sun ONE Application Server 7
Original documentdocumentSECUNIA, [SA20147] Sun ONE/Java System Web Server Cross-Site Scripting Vulnerability (20.05.2006)

Windows limited service account privilege escalation
Published:20.05.2006
Source:
SecurityVulns ID:6166
Type:local
Threat Level:
5/10
Description:By using security tokens located in process memory it's possible to escalate privileges from limited service account, such as Network Service or Microsoft SQL Service account.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentBrian L. Walche, Re[2]: The Weakness of Windows Impersonation Model (20.05.2006)
 documentBrian L. Walche, Re[2]: The Weakness of Windows Impersonation Model (20.05.2006)
 documentDavid Litchfield, Re: The Weakness of Windows Impersonation Model (20.05.2006)
 documentBrian L. Walche, The Weakness of Windows Impersonation Model (20.05.2006)
Files:Snagging Security Tokens to Elevate Privileges

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod