CVE-2010-2465
CVE-2010-2465 affects S2 Security NetBox 2.5, 3.3, and 4.0 (as utilized in Linear eMerge 50/5000 and Sonitrol eAccess). The root cause is insufficient access control, permitting remote attackers to download node logs, photographs of persons, and backup files stored under the web root via unspecif...
CVE-2010-2465
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...
Web Application Security Scanner: w3af
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Identify and exploit a SQL injection. One of the most difficult parts of securing your application is to identify the...
CVE-2009-4909
admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests...
PHPWCMS 1.4.5 r398 Cross Site Request Forgery
PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc var frm = document.getElementById"csrf"; frm.submit; window.onload = myfunc; input type="hidden"...
CSRF in PHPWCMS 1.4.5
?php / Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability Date: 06/16/2010 Author: Jeremiah Talamantes Software Link: http://phpwcms.googlecode.com/files/phpwcmsr398.zip Version: 1.4.5 r398 Tested on: WinXP SP2 EN on WAMP 2.0 CVE: N/A Jeremiah Talamantes RedTeam Security RedTeam Labs...
PHPWCMS Cross-Site Request Forgery Vulnerability
No description provided by source. ?php / Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability Date: 06/16/2010 Author: Jeremiah Talamantes Software Link: http://phpwcms.googlecode.com/files/phpwcmsr398.zip Version: 1.4.5 r398 Tested on: WinXP SP2 EN on WAMP 2.0 CVE: N/A Jeremiah...
PHPWCMS 1.4.5 r398 - Cross-Site Request Forgery
PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc var frm = document.getElementById"csrf"; frm.submit; window.onload = myfunc;...
PHPWCMS 1.4.5 r389 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications =========================================================== PHPWCMS 1.4.5 r389 Cross Site Request Forgery Vulnerability =========================================================== PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc v...
Uniform Server Multiple CSRF Vulnerabilities
Uniform Server is prone to multiple Cross-Site Request Forgery vulnerabilities.
Brekeke PBX Cross-Site Request Forgery Vulnerability
This host is running Brekeke PBX and is prone to Cross-Site Request Forgery Vulnerability. OpenVAS Vulnerability Test $Id: secpodbrekekepbxcsrfvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Brekeke PBX Cross-Site Request Forgery Vulnerability Authors: Madhuri D Copyright: Copyright c 2010 SecPod,...
HP Power Manager formExportDataLogs Directory Traversal (CVE-2009-4000)
HP Power Manager is a web-based application for managing an HP Uninterruptible Power System (UPS). A directory traversal vulnerability has been reported in HP Power Manager. The vulnerability is due to an input validation error while processing parameters sent to a certain form of the web-based...
Authorization
Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of thi...
CVE-2010-1940
Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of thi...
CVE-2010-1940
Removed by vendor...
Google Chrome Cross Site Data Leakage Vulnerability - Windows
Google Chrome Web Browser is prone to cross site data leakage vulnerability.
CVE-2010-1851
Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage"...
Cross site scripting
Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site...
Cross site scripting
Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage"...
CVE-2010-1851
CVE-2010-1851 affects Google Chrome with the Invisible Hand extension enabled. The issue stems from cookies being used during background HTTP requests, which could enable remote servers to correlate requests and identify specific users and their product searches through HTTP request logging, desc...