Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition...
Sophos Endpoint Protection 10.7 Insecure Cryptography Vulnerability
Sophos Endpoint Protection version 10.7 control panel authentication uses a weak, unsalted, unicoded SHA1 cryptographic hash function. Not using a salt allows attackers who gain access to the hash to conduct faster cracking attacks using pre-computed dictionaries, e.g. rainbow tables. This can...
Bookme Control Panel Cross-Site Scripting Vulnerability
Bookme Control Panel is an online booking plugin for use in WordPress. A cross-site scripting vulnerability exists in the Customers 'Book Me' feature in version 2.0 of Bookme Control Panel, which stems from the program failing to filter user-submitted input. A remote attacker can exploit this...
CVE-2018-8737
Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note aka custName and custNote sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's...
CVE-2018-8737
Bookme Control Panel 2.0 Application is vulnerable to stored XSS in the Customers “Book Me” function. The vulnerability stems from unsanitized input in the Name and Note fields (custName and custNote) being rendered as JavaScript in the user’s browser. The CVE/NVD entries confirm the affected pro...
Design/Logic Flaw
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php...
CVE-2015-4117
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php...
CVE-2015-4117
Vesta Control Panel prior to 0.9.8-14 is vulnerable to OS command injection in the backup parameter of /list/backup/index.php. An authenticated user can inject shell metacharacters to execute arbitrary commands with admin privileges, potentially compromising the entire panel. Remediation: upgrade...
XSS vulnerability in old y article management system
The old y article management system is based on the old y Asp Access/Mssql environment developed under the open source website building products. The old y article management system has an XSS vulnerability: an attacker can use the vulnerability in the member control panel to insert malicious code, and...
Nicolas Gudino Flash Operator Panel callforward module command injection vulnerability
Nicolas Gudino (a.k.a. Asternic) Flash Operator Panel (FOP) is a suite of phone system monitoring software. User Control Panel (UCP) is one of its user control panels. The callforward module is one of its modules. A command injection vulnerability exists in the callforward module of the UCP in...
Flash Operator Panel 2.31.03 - Command Execution
Flash Operator Panel 2.31.03 - Command Execution. Document Title: Flash Operator Panel v2.31.03 - Command Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1907. Release Date: 2018-01-08. Vulnerability...
CVE-2018-5694
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter...
Command injection
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter...
CVE-2018-5694
The CVE-2018-5694 entry corresponds to a command injection vulnerability in the callforward module of the User Control Panel (UCP) within Nicolas Gudino’s Flash Operator Panel (FOP) version 2.31.03. A remote authenticated user can exploit the vulnerability by supplying a crafted value to the comm...
Fsociety Hacking Tools Pack
Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...
Microsoft Windows LNK File Code Execution Exploit
This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is...
Microsoft Windows LNK File Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Code Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the handling of Windows Shortcut files .LNK that...