Mailtraq 2.2 Webmail Utility Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7815/info A vulnerability has been reported for Mailtraq that may result in the disclosure of path information. The vulnerability exists due to insufficient sanitization of HTTP requests. Specifically, a request for...

PHPWCMS 1.4.5 r398 Cross Site Request Forgery Vulnerability

No description provided by source. ?php / Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability Date: 06/16/2010 Author: Jeremiah Talamantes Software Link: http://phpwcms.googlecode.com/files/phpwcmsr398.zip Version: 1.4.5 r398 Tested on: WinXP SP2 EN on WAMP 2.0 CVE: N/A Jeremiah...

Mod_NTLM 0.x Authorization Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7393/info A format string vulnerability has been reported for the modntlm Apache module. The problem occurs when logging authentication strings passed in HTTP requests. By passing malicious format specifiers in a request,...

Huawei HG866 Authentication Bypass

No description provided by source. Exploit Title: Huawei HG866 Authentication Bypass Date: Jun 14 2012 Exploit Author: hkm Vendor Homepage: http://www.huawei.com Version: V1R2C01SPC202, R3.2.4.92sbn - R3.4.2.257sbn, 3FE53864AOCB16 Tested on: HG866GTAVER.C, 01, 02 Advisory:...

SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28610/info SmarterTools SmarterMail is prone to a denial-of-service vulnerability when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. When the server eventually resets the request connection, it...

Global Spy Software Cyber Web Filter 2 IP Filter Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11562/info Global Spy Software Cyber Web Filter is affected by an IP filter bypass vulnerability. This issue is due to a failure of the application to properly handle exceptional HTTP requests. An attacker may leverage th...

LifeSize Room Command Injection

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable...

elron im anti-virus 3.0.3 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2519/info Elron IM is a suite of tools providing internet filtering, virus protection, and other features. Certain non-current versions of products in the Internet Manager suite, including IM Anti-Virus, are vulnerable to...

Savant Webserver 3.1 - Denial of Service Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/8243/info Savant web server has been reported prone to multiple denial of service vulnerabilities. Reportedly, a remote attacker may invoke many HTTP requests in succession, against the Savant web server and cause the...

WSMP3 0.0.x Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7642/info A vulnerability has been reported in WsMp3. The problem occurs due to insufficient sanitization of HTTP GET requests. As a result, an attacker may be capable of accessing the contents of sensitive system...

SiteWare 2.5/3.0/3.1 Editor Desktop Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2868/info Screaming Media is a provider for custom web content. SiteWare Editor Desktop is the web-based administration tool for managing Screaming Media content. SiteWare Editor Desktop is prone to directory traversal...

Website Directory 'index.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31562/info Website Directory is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the...

VisNetic ActiveDefense 1.3.1 - Multiple GET Request Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7428/info A denial of service vulnerability has been discovered in VisNetic ActiveDefense. The problem occurs when multiple HTTP requests are subsequently made to a server, containing a specific amount of data. After...

Lunar CMS 3.3 - CSRF And Stored XSS Vulnerability

No description provided by source. ?!-- Lunar CMS 3.3 CSRF And Stored XSS Vulnerability Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open sourcecontent management system written for use on servers running the ever s...

Power Up HTML 0.8033 beta Directory Traversal Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3304/info Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI scripts. A vulnerability exists in Power Up HT...

Edimax EW-7206-APg and EW-7209APg - Multiple Vulnerabilities

No description provided by source. Device Name: EW-7206APg / EW-7209APg Vendor: Edimax ============ Vulnerable Firmware Releases: ============ Device: EW-7206APg Hardware Version Rev. A Runtime Code Version v1.32 Runtime Code Version V1.33 Device: EW-7209APg Hardware Version Rev. A Runtime Code...

RHEL 5 / 6 : Red Hat JBoss Web Server 2.0.1 tomcat7 (RHSA-2014:0526)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0526 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

Apple CUPS Web Interface URL Handling Cross-Site Scripting (CVE-2014-2856)

A Cross-Site Scripting vulnerability exists in the Apple CUPS Web Interface. The vulnerability is due to insufficient input validation while handling HTTP requests. A remote attacker can exploit this vulnerability by enticing a user to click on a link containing script code in the URL...

tomcat: multiple content-length header poisoning flaws

It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. A remote...

CA ERwin Web Portal ConfigServiceProvider Information Disclosure (CVE-2014-2210)

An information disclosure vulnerability exists in CA ERwin Web Portal. Upon executing a successful attack, the server will give access to XML files which normally should not be accessible to external users. This vulnerability is due to lack of authentication and insufficient input validation in t...