5900 matches found
Nmap NSE net: http-passwd
Checks if a web server is vulnerable to directory traversal by attempting to retrieve '/etc/passwd' or '\boot.ini'. The script uses several techniques: Generic directory traversal by requesting paths like '../../../../etc/passwd'. Known specific traversals of several web servers. Query string...
Nmap NSE net: hostmap
Tries to find hostnames that resolve to the target's IP address by querying the online database at http://www.bfk.de/bfkdnslogger.html. The script is in the 'external' category because it sends target IPs to a third party in order to query their database. SYNTAX: hostmap.prefix: If set, saves the...
DSA-2247-1 rails - several vulnerabilities
Bulletin has no description...
Oracle Java GlassFish Server Security Bypass Vulnerability (May 2011)
Oracle GlassFish Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Design/Logic Flaw
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an...
CVE-2011-1582
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an...
Apache Tomcat 7.0.12 < 7.0.14 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.14. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.14_security-7 advisory. - Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints...
CVE-2010-3260
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaratio...
Design/Logic Flaw
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...
CVE-2011-1183
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...
Apache Tomcat 7.0.0 < 7.0.12 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.12_security-7 advisory. - The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining,...
Mahara Multiple Vulnerabilities (Apr 2011)
Mahara is prone to multiple cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities.
Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
This host is running Mahara and is prone to cross site scripting and cross site request forgery vulnerabilities.
Tugux CMS 1.0_final Multiple Vulnerabilities
Exploit for php platform in category web applications Vulnerable Web-App : Tugux CMS 1.0_final Vulnerability : Multiple Vulnerabilities. Author : Aodrulez. Atul Alex Cherian Email : [email protected] Google-Dork : "Copyright 2010-2011 Tugux CMS" Tested on : Ubuntu 10.04 Web-App :...
CVE-2011-1088
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application...
Design/Logic Flaw
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application...
CVE-2011-1419
Affected software: Apache Tomcat 7.x before 7.0.11. Component/behavior: ServletSecurity handling; when web.xml has no security constraints, Tomcat does not follow ServletSecurity annotations, enabling a remote bypass of access controls via HTTP requests. Root cause: incomplete fix for CVE-2011-10...
Hiawatha WebServer 7.4 Denial of Service Vulnerability
Exploit for multiple platform in category dos / poc Discussion - DcLabs Security Research Group advises about the following vulnerability(ies): Software - Hiawatha WebServer 7.4 Vendor Product Description - Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January...
RedHat Update for seamonkey RHSA-2011:0313-01
Check for the Version of seamonkey