
3632 matches found

NVD
added 2019/10/11 11:15 a.m. | 16 views

CVE-2010-5337

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchacontroller is non-persistent in 10.1.3 and 10.2.0...

CVSS 6.1 | AI score 6.1 | EPSS 0.00836
Exploits 0 | References 2

NVD
added 2019/10/11 11:15 a.m. | 9 views

CVE-2010-5338

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchaaction is non-persistent in 10.1.3 and 10.2.0...

CVSS 6.1 | AI score 6.1 | EPSS 0.00836
Exploits 0 | References 2

Prion
added 2019/10/11 11:15 a.m. | 10 views

Default credentials

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0...

CVSS 4.3 | AI score 6.2 | EPSS 0.00836
Exploits 0 | References 2 | Affected Software 1

Prion
added 2019/10/11 11:15 a.m. | 15 views

Design/Logic Flaw

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchacontroller is non-persistent in 10.1.3 and 10.2.0...

CVSS 4.3 | AI score 6 | EPSS 0.00836
Exploits 0 | References 2 | Affected Software 1

Prion
added 2019/10/11 11:15 a.m. | 9 views

Design/Logic Flaw

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchaaction is non-persistent in 10.1.3 and 10.2.0...

CVSS 4.3 | AI score 6 | EPSS 0.00836
Exploits 0 | References 2 | Affected Software 1

Prion
added 2019/10/11 11:15 a.m. | 10 views

Design/Logic Flaw

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0...

CVSS 4.3 | AI score 6 | EPSS 0.00836
Exploits 0 | References 2 | Affected Software 1

Prion
added 2019/10/11 11:15 a.m. | 11 views

Design/Logic Flaw

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchauid is non-persistent in 10.1.3 and 10.2.0...

CVSS 4.3 | AI score 6 | EPSS 0.00836
Exploits 0 | References 2 | Affected Software 1

CVE
added 2019/10/11 10:35 a.m. | 45 views

CVE-2010-5336

The CVE-2010-5336 issue affects IceWarp Webclient prior to 10.2.1, where an XSS vulnerability is triggered by an HTTP POST to admin/login.html with the username parameter. The root cause is lack of input validation/escapes for client-side data within the Webclient Web application. Impact is clien...

CVSS 6.1 | AI score 5.9 | EPSS 0.00836
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2019/10/11 10:35 a.m. | 13 views

CVE-2010-5336

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0...

AI score 6 | EPSS 0.00836
Exploits 0 | References 2

Cvelist
added 2019/10/11 10:35 a.m. | 14 views

CVE-2010-5337

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchacontroller is non-persistent in 10.1.3 and 10.2.0...

AI score 6 | EPSS 0.00836
Exploits 0 | References 2

Cvelist
added 2019/10/11 10:35 a.m. | 11 views

CVE-2010-5338

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchaaction is non-persistent in 10.1.3 and 10.2.0...

AI score 6 | EPSS 0.00836
Exploits 0 | References 2

CVE
added 2019/10/11 10:35 a.m. | 37 views

CVE-2010-5339

CVE-2010-5339 affects IceWarp Webclient prior to 10.2.1. The issue is a Cross-Site Scripting vulnerability triggered by an HTTP POST to webmail/basic/ that uses the parameter _dlg[captcha][uid]. According to Red Hat and NVD entries, this XSS is non-persistent in versions 10.1.3 and 10.2.0, indica...

CVSS 6.1 | AI score 6 | EPSS 0.00836
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2019/10/11 10:35 a.m. | 13 views

CVE-2010-5339

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchauid is non-persistent in 10.1.3 and 10.2.0...

AI score 6 | EPSS 0.00836
Exploits 0 | References 2

Cvelist
added 2019/10/11 10:35 a.m. | 14 views

CVE-2010-5340

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0...

AI score 6.1 | EPSS 0.00836
Exploits 0 | References 2

Packet Storm
added 2019/10/08 12:0 a.m. | 174 views

File Sharing Wizard 1.5.0 POST SEH Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'File Sharing Wizard - POST SEH Overflow', 'Description' = %q This module exploits an unauthenticated HTTP POST SEH-based buffer overflow in File...

CVSS 7.5 | AI score 0.1 | EPSS 0.72158
Exploits 6

Hacker One
added 2019/10/06 3:58 p.m. | 27 views

New Relic: Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF

Hey team, I've discovered an improper user-input filtration issue at charts embedding herald.service.newrelic.com leading to both cross-account stored XSS and SSRF. There is an action Get chart link for some charts for instance, for the ones located at Mobile - Overview. F600887 After user clicks...

AI score 0.1
Exploits 0

RedhatCVE
added 2019/10/04 8:57 p.m. | 18 views

CVE-2008-5905

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

CVSS 4.3 | AI score 7 | EPSS 0.02456
Exploits 0 | References 3

RedhatCVE
added 2019/10/04 7:49 p.m. | 28 views

CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

CVSS 3.5 | AI score 6.4 | EPSS 0.01626
Exploits 0 | References 3

Openbugbounty
added 2019/10/02 11:40 p.m. | 9 views

a.tvn.pl Cross Site Scripting vulnerability

Security Researcher logindenied (helped patch 7927 vulnerabilities, received 8 Coordinated Disclosure badges, received 76 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting a.tvn.pl website and its users. Following coordinated...

AI score 6.5
Exploits 0

Metasploit
added 2019/10/02 3:8 p.m. | 26 views

File Sharing Wizard - POST SEH Overflow

This module exploits an unauthenticated HTTP POST SEH-based buffer overflow in File Sharing Wizard 1.5.0. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'File Sharing Wizard - POST SEH Overflow...

AI score 0.1
Exploits 0