1746 matches found
EUVD-2014-2998
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081...
CVE-2014-2868
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable...
Code injection
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable...
CVE-2014-2749
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request...
Cross site request forgery (csrf)
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request...
Symantec LiveUpdate Administrator Version Detection
Detects the installed version of Symantec LiveUpdate Administrator. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...
CVE-2014-0708
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272...
CVE-2014-0708
CVE-2014-0708 affects WebEx Meeting Center in Cisco WebEx Business Suite. The issue arises from improper URL composition for HTTP GET requests, which could allow remote attackers to read sensitive data from server access logs, Referer logs, or a browser history (Bug ID CSCul98272). Root cause: in...
Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in VideoWhisper Live Streaming Integration, which can be exploited to execute arbitrary code on the target system, gain access to potentially sensitive data, perform Cross-Site Scripting (XSS) attacks against users of...
SQL Injection in AdRotate
High-Tech Bridge Security Research Lab discovered a vulnerability in AdRotate, which can be exploited to perform SQL Injection attacks. 1) SQL Injection in AdRotate: CVE-2014-1854. The vulnerability exists due to insufficient validation of "track" HTTP GET parameter passed to...
WebPagetest 'file' parameter Local File Disclosure Vulnerability
WebPagetest is prone to a local file disclosure vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
RockMongo Cross Site Scripting and Directory Traversal Vulnerabilities
RockMongo is prone to cross-site scripting (XSS) and directory traversal vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
[THC-Hydra 7.5] Fast Parallel Network Logon Cracker
Hydra is a parallelized network logon cracker that supports numerous protocols to attack. New modules are easy to add, and it is flexible and very fast. Features: IPv6 support; graphical user interface; internationalized support (RFC 4013); HTTP proxy support; SOCKS proxy support. The tool suppor...
Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin
High-Tech Bridge Security Research Lab discovered a vulnerability in Ad-minister Wordpress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1) Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin: CVE-2013-6993. The vulnerability exists due to insufficient sanitisation ...
Dokeos 2.2 RC2 SQL Injection Vulnerability
Dokeos version 2.2 RC2 suffers from a remote SQL injection vulnerability. Vendor: Dokeos. Vulnerable Versions: 2.2 RC2 and probably prior. Tested Version: 2.2 RC2. Advisory Publication: October 30, 2013 (without technical details). Vendor Notification: October 30, 2013. Public Disclosure: November 27,...
GestioIP <= 3.0 Command Injection Vulnerability - Active Check
GestioIP is prone to a remote command injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
ONO Hitron CDE-30364 Router - Denial of Service
#!/usr/bin/python Description: Hitron Technologies CDE-30364 is a famo...
ONO Hitron CDE-30364 Router Denial Of Service
#!/usr/bin/python Description: Hitron Technologies CDE-30364 is a famous ONO Router. The Hitron Technologies CDE-30364...
Cross-Site Scripting (XSS) in GuppY
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in GuppY, which can be exploited to perform Cross-Site Scripting attacks against users of the vulnerable application. 1) Cross-Site Scripting (XSS) in GuppY: CVE-2013-5983. 1.1 The vulnerability exists due to insufficient...