1746 matches found
web@all <= 1.1 XSS Vulnerability - Active Check
web@all is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Pandora FMS <= 3.1 Multiple Input Validation Vulnerabilities - Active Check
Pandora FMS is prone to an authentication bypass vulnerability as well as the following input-validation vulnerabilities: - A command injection vulnerability - Multiple SQL injection (SQLi) vulnerabilities - A remote file include (RFI) vulnerability - An arbitrary PHP code execution vulnerability -...
[ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0
============================================= INTERNET SECURITY AUDITORS ALERT 2010-009 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored ============================================= I...
Atmail WebMail Cross Site Scripting
============================================= INTERNET SECURITY AUDITORS ALERT 2010-009 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored ============================================= I...
Mercantec SoftCart - CGI Overflow (Metasploit)
$Id: mercantecsoftcart.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
http-form-brute NSE Script
Performs brute force password auditing against http form-based authentication. This script uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored in the nmap registry, using the creds library, for other scripts to use. The script automatically attempts...
Apache JackRabbit 2.0.0 XPath Injection
Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...
Apache JackRabbit 2.0.0 - webapp XPath Injection
Apache JackRabbit 2.0.0 - webapp XPath Injection Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip...
Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerability
Exploit for jsp platform in category web applications =========================================================== Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerability =========================================================== Title: Apache JackRabbit webapp XPath Injection Author: ADEO...
EasyFTP Server list.html path Stack Buffer Overflow
This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing the 'path' parameter supplied to an HTTP GET request, which leads to a stack based buffer overflow. EasyFTP allows anonymous access by default; valid credentia...
EasyFTP Server <= 1.7.0.11 list.html path Stack Buffer Overflow
$Id: easyftplist.rb 9936 2010-07-27 03:14:46Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
SQL Injection Vulnerability in SyntaxCMS
High-Tech Bridge SA Security Research Lab has discovered vulnerability in SyntaxCMS which could be exploited to execute arbitrary SQL commands in applications database. 1 SQL injection vulnerability in SyntaxCMS An input validation error exists in the "rowsperpage" parameter in...
MacOS X EvoCam HTTP GET Overflow
$Id: evocamwebserver.rb 9460 2010-06-09 18:41:58Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
CVE-2010-2102
Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request...
Buffer overflow
Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request...
CVE-2010-2102
CVE-2010-2102 describes a buffer overflow in Webby Webserver 1.01 triggered by a long HTTP GET request, enabling remote execution of arbitrary code. This is documented across multiple sources (NVD, CVE list) with a high impact score. The connected documents confirm the affected product/version an...
Principles of remote and local file inclusion vulnerabilities - vulnerability warning - the black bar safety net
First, let's discuss the file inclusion vulnerability. The first thing to ask is: what is a "remote file inclusion vulnerability"? The answer is: the server uses a PHP function to include arbitrary files; the source of the file to be included is not strictly filtered, so can go to tha...
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
Exploit Title: Core Design Scriptegrator plugin for Joomla! 1.5 file inclusion Author: S2 Crew Hungary Tested on: Debian Linux, Apache, Joomla! 1.5 Code: There's a file called jsloader.php which takes an array of file names from the HTTP GET parameters and calls include on every one of them...
Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerability
Exploit for php platform in category web applications ========================================================================== Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerability ========================================================================== Exploit Title: Cor...