CVE-2011-4740
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive...
CVE-2011-4850
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...
Vulnerabilities in D-Link DSL-500T ADSL Router
Hello 3APA3A! I want to warn you about security vulnerabilities in D-Link DSL-500T ADSL Router. These are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities. This is my first advisory from a series of advisories about vulnerabilities in D-Link products...
Easy Hosting Control Panel FTP Account Security Bypass Vulnerability
Easy Hosting Control Panel is prone to a security-bypass vulnerability. Attackers could exploit the issue to add arbitrary FTP accounts to the affected application. Easy Hosting Control Panel versions 0.29.10 up to and including 0.29.13 are vulnerable. OpenVAS Vulnerability Test $Id:...
Easy Hosting Control Panel FTP Account Security Bypass Vulnerability
Easy Hosting Control Panel is prone to a security-bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Easy Hosting Control Panel - Admin Authentication Bypass
Easy Hosting Control Panel - Admin Authentication Bypass Exploit Title: Easy Hosting Control Panel Admin Auth Bypass Google Dork: inurl:/ehcp/?op=applyfordomainaccount Date: 10/04/2011 Author: Jasman Software Link: https://launchpad.net/ehcp & http://www.ehcp.net Version: 0.29.10 - 0.29.13 Tested...
Easy Hosting Control Panel - Admin Authentication Bypass
Exploit Title: Easy Hosting Control Panel Admin Auth Bypass Google Dork: inurl:/ehcp/?op=applyfordomainaccount Date: 10/04/2011 Author: Jasman Software Link: https://launchpad.net/ehcp & http://www.ehcp.net Version: 0.29.10 - 0.29.13 Tested on: Ubuntu, Debian + Description Easy Hosting Control...
Easy Hosting Control Panel Authentication Bypass
Exploit Title: Easy Hosting Control Panel Admin Auth Bypass Google Dork: inurl:/ehcp/?op=applyfordomainaccount Date: 10/04/2011 Author: Jasman Software Link: https://launchpad.net/ehcp & http://www.ehcp.net Version: 0.29.10 - 0.29.13 Tested on: Ubuntu, Debian + Description Easy Hosting Control...
Easy Hosting Control Panel Admin Auth Bypass
Exploit for php platform in category web applications Exploit Title: Easy Hosting Control Panel Admin Auth Bypass Google Dork: inurl:/ehcp/?op=applyfordomainaccount Date: 10/04/2011 Author: Jasman Software Link: https://launchpad.net/ehcp & http://www.ehcp.net Version: 0.29.10 - 0.29.13 Tested on...
Strato Server ACP - Persistent DOM XSS Vulnerabilities
Document Title: Strato Server ACP - Persistent DOM XSS Vulnerabilities. Release Date: 2011-08-24. Vulnerability Laboratory ID VL-ID: 141. Product & Service Introduction: Control Panel of Strato Hosting...
Multiple DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! This is the last advisory in which I'll warn you about new multiple security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. This time I will tell you about Security section of control panel, which is full of vulnerabilities. These are Denial of Service,...
New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Denial of Service, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drawn attention of Ukrtelecom's representative and thi...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drawn attention of Ukrtelecom's representative and this modem was bought a...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. Which I've found in your modem. In April I've already drawn attention of Ukrtelecom's representativ...
E-Manage MySchool 7.02 SQL Injection
Exploit Title: SQL Injection MySchool Version 7.02 Google Dork: "MySchool Version 7.02" Date: 05-21-2011 Software Link: http://em.com.eg/ Version: Version 7.02 Author: az7rb Tested on : winxp sp3 Ar end bt5 Homepage : www.p0c.cc Greetz : p0c Team & Dr.NaNo & All My Msn Messenger Friends wWw.p0c.c...
E-Manage MySchool 7.02 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL Injection MySchool Version 7.02 Google Dork: "MySchool Version 7.02" Date: 05-21-2011 Software Link: http://em.com.eg/ Version: Version 7.02 Author: az7rb Tested on : winxp sp3 Ar end bt5 Homepage : www.p0c.cc Greetz : p0c...
Adobe Boosts Privacy Protections with Flash Player Update
Adobe released an update to its Flash Player that it says will make it easier for users to manage their online privacy. The company released Flash Player Version 10.3 on Thursday. The update to the common rich media player includes support for a new cross platform application program interface AP...
Directory Traversal Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package)
1024cms Admin Control Panel v1.1.0 Beta Complete-Modules Package - Directory Traversal Vulnerability...
LFI Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package)
1024cms Admin Control Panel v1.1.0 Beta Master-cPanel Package - Local File Include Vulnerability...