112 matches found
Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability
A vulnerability in the Web Administrator Interface of Cisco Wireless LAN Controllers WLC could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a failure to properly validate certain parameters prior to processing them on the device. ...
Design/Logic Flaw
The Web Administrator Interface on Cisco Wireless LAN Controller WLC devices allows remote authenticated users to cause a denial of service device crash by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request...
CVE-2013-3474
CVE-2013-3474 affects Cisco Wireless LAN Controller (WLC) Web Administrator Interface. An authenticated attacker who is a member of Full Manager, Read Only, or Lobby Ambassador groups can cause a DoS (device crash) by submitting a request with a missing or malformed parameter value, triggering th...
Django 1.3/1.4 拒绝服务和信息泄露漏洞
BUGTRAQ ID: 58061 CVECAN ID: CVE-2013-0305,CVE-2013-0306 Django是Python编程语言驱动的一个开源Web应用程序框架。 Django 1.3.6、1.4.4之前版本在实现上存在多个漏洞,可被恶意用户利用绕过某些安全限制并造成拒绝服务。 1、扩展XML实体时存在错误,通过包含恶意属性的特制XML,可消耗大量内存。 2、处理某些XML数据时存在错误,通过包含外部实体引用的特制XML数据,可泄露敏感信息。 3、在访问历史视图时,管理员界面没有正确验证访问权限,可被利用查看管理界面内的对象访问历史。...
SysAid Helpdesk 8.5 Pro SQL Injection Vulnerability
SysAid Helpdesk version 8.5 Pro suffers from multiple remote blind SQL injection vulnerabilities. ======= Summary ======= Name: SysAid Helpdesk Pro - Blind SQL Injection Release Date: 30 November 2012 Reference: NGS00241 Discoverer: Daniel Compton Vendor: SysAid Vendor Reference: Systems Affected...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the ISE Administrator user interface aka the Apache Tomcat interface on Cisco Identity Services Engine ISE 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators,...
Eventy CMS v1.8 Plus Multiple Vulnerabilities
Exploit for php platform in category web applications Eventy CMS v1.8 Plus - Multiple Web Vulnerablities Introduction: ============= Publish Your Events In Online Calendar. Eventy Is Beautiful And Easy To Use Web Based Event Calendar Software Publish events like parties, courses, meetings,...
Symantec IM Manager Administrator Interface SQL injection (CVE-2011-0553)
Symantec IM Manager is a software-based proxy to secure, manage, and log IM messages for enterprise and public IM protocols. It provides real-time threat protection against IM viruses, worms, and other types of attacks delivered through IM messages. An SQL injection vulnerability has been reporte...
mailman: XSS triggerable by list administrator
Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...
CVE-2010-3905
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users...
CVE-2010-3905
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users...
CVE-2010-3905
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users...
Session fixation
Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID aka SID value...
Multiple Vulnerabilities in Elxis CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Elxis CMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerabilities in Elxis CMS The vulnerability exists due to input sanitation error in the...
dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting)
dotDefender 3.8-5 - Remote Code Execution via Cross-Site Scripting / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command...
SQL-Ledger 'admin.pl' Empty Credentials
The remote web server is hosting SQL-Ledger, a web-based double-entry accounting system. The installed version does not require credentials to access the administrator interface. Note that the installed version is potentially affected by several other vulnerabilities, though Nessus has not tested...
Cross site scripting
Cross-site scripting XSS vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL...
CVE-2009-2851
Cross-site scripting XSS vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL...
CVE-2009-2851
Cross-site scripting XSS vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL...
Mandriva Linux Security Advisory : mailman (MDVSA-2008:061)
Multiple cross-site scripting XSS vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via edting templates and the list's info attribute in the web administrator interface. The updated packages have been patched to...