111 matches found
Golabi CMS 1.0.1 Session Poisoning
-------------------------------------------------------------------------------- \ \ / \ | | / \ /\ \ \ \ /| | \ /|| / / | /| /\ / \ / / / // / /// / -------------------------------------------------------------------------------- wWw.CrazyAngel.iR - info-AT-CrazyAngel.iR...
Profense Web Application Firewall 2.6.2 - Cross-Site Request Forgery Cross-Site Scripting
Profense Web Application Firewall 2.6.2 - Cross-Site Request Forgery Cross-Site Scripting Written By Michael Brooks Special thanks to str0ke! Affects: Profense Web Application Firewall XSRF and XSS Version: 2.6.2 download http://www.armorlogic.com/downloadsoftware.html "Defenses against all OWASP...
Design/Logic Flaw
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks...
CVE-2006-3285
The CVE-2006-3285 entry concerns Cisco Wireless Control System (WCS) prior to version 3.2(51). The internal database uses an undocumented, hard-coded username and password, enabling remote authenticated users to read and potentially modify sensitive configuration data (CSCsd15955). Connected docu...
phpmyadmin -- arbitrary file include and XSS vulnerabilities
A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...
phpMyAdmin257.txt
Software : phpMyAdmin Version : 2.5.7 Vulnerability : php codes injection Problem-Type : remote user phpMyAdmin is web-based mysql administration written in PHP. There is a vulnerability in phpMyAdmin version 2.5.7. This vulnerability would allow remote user to inject php codes to be executed by...
Cisco Security Advisory: Cisco Personal Assistant User Password Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Personal Assistant User Password Bypass Vulnerability Document ID: 47765 Revision 1.0 FINAL For Public Release 2004 January 8 17:00 UTC GMT - ----------------------------------------------------------------------- Conten...
wolfmail.cgi.txt
+-..-+ WolfMail.cgi +-./.-+ by Dead Beat The Advanced Knowledge Network http://www.advknowledge.net Mailirritation possibillity fake and highfire an account Wolfmail is a script similar to formmail.cgi which allows users to send mails from the page without using their Mailclient. However I guess...
Tektronix PhaserLink Multiple Admin Page Unauthenticated Configuration Manipulation
The file /nclitems.shtml or /nclsubjects.shtml exists on the remote web server. If the remote host is a Tektronix printer, then this page allows anyone to reconfigure it without any authentication means whatsoever. An attacker may use this flaw to conduct a denial of service attack against your...
Cisco IOS 11.x12.0 - ILMI SNMP Community String
Cisco IOS 11.x12.0 - ILMI SNMP Community String source: https://www.securityfocus.com/bid/2427/info IOS is the operating system designed for various Cisco devices. It is maintained and distributed by Cisco systems. A problem in the versions of IOS 11.x and 12.0 could allow unauthorized access to...
Advisory: mailman local compromise
Author : Stan Bubrouski Date : August 1, 2000 Package : mailman Versions affected : 2.0beta3 released: 2000-Jun-28 23:25 2.0beta4 released: 2000-Jul-06 21:27 Severity : access to group mailman binaries are installed as which usually mailman. Most directories in a mailman install are mode 2755 as...