http-form-brute NSE Script

Performs brute force password auditing against http form-based authentication. This script uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored in the nmap registry, using the creds library, for other scripts to use. The script automatically attempts...

Novell iManager Class Name Remote Buffer Overflow (CVE-2010-1929)

Novell iManager is a web-based administration console that provides management of many other Novell products. The iManager service itself is a Java web application running on top of the Tomcat application container. A buffer overflow vulnerability exists in Novell iManager. The vulnerability is d...

HP OpenView Network Node Manager netmon.exe Stack Buffer Overflow (CVE-2010-1551; CVE-2010-2703)

The Network Node Manager NNM is an HP OpenView product which manages networks. It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. A stack buffer overflow vulnerability exists in HP OpenView Network Node...

Nagios3 - 'statuswml.cgi' 'Ping' Command Execution (Metasploit)

$Id: nagios3statuswmlping.rb 9829 2010-07-14 18:23:47Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Multiple Cross-site Scripting (XSS) Vulnerabilities in Spitfire

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Spitfire which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Spitfire 1.1 The vulnerability exists due to input sanitation error in the "cmsid" and...

Cross-site Scripting (XSS) Vulnerability in DSite CMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in DSite CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in DSite CMS The vulnerability exists due to input sanitation error in the "buttonname" parameter in...

Multiple Vulnerabilities in Pixie

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pixie which could be exploited to perform cross-site scripting, script insertions and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in Pixie The vulnerability exists due to input...

Alt-N MDaemon WorldClient Service Memory Corruption (CVE-2008-2631)

A memory corruption vulnerability exists in Alt-N Technologies MDaemon WorldClient. The vulnerability is due to a NULL pointer dereference in processing a malicious HTTP POST request. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the...

Cross-site Scripting (XSS) Vulnerabilities in CruxPA

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CruxPA which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerability in CruxPA: CVE-2010-2718 The vulnerability exists due to input sanitation err...

Cross-site Scripting (XSS) Vulnerability in ForumCMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in ForumCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in ForumCMS The vulnerability exists due to input sanitation error in the "keyword" parameter in...

Core Security Technologies Advisory 2010.0415

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Application 1. Advisory Information Title: SQL Injection in CubeCart PHP Free & Commercial Shopping Cart...

Cross-site Scripting (XSS) Vulnerabilities in synType CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in synType CMS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerability in synType CMS The vulnerability exists due to input sanitation error in...

Cross-site Scripting (XSS) Vulnerability in Nuggetz CMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Nuggetz CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Nuggetz CMS The vulnerability exists due to input sanitation error in the "pagevalue" parameter in...

Cross-site Scripting (XSS) Vulnerability in moziloCMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in moziloCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in moziloCMS The vulnerability exists due to input sanitation error in the HTTP POST parameter "pageconten...

Cross-site Scripting (XSS) Vulnerability in log1CMS

High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in log1CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in log1CMS The vulnerability exists due to input sanitation error in the HTTP POST parameter "content"...

IPB 3.0.1 sql injection exploit

Exploit for php platform in category web applications =============================== IPB 3.0.1 sql injection exploit =============================== Attention!\n"; echo "\n"; echo "Error!\n"; echo "This exploit is meant to be used as php CLI script!\n"; echo "More inform...

Cross-site Scripting Vulnerability in razorCMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in razorCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in razorCMS: CVE-2010-5051 The vulnerability exists due to input sanitation error in the "content" paramete...

Multiple Cross-site Scripting Vulnerabilities in GetSimple CMS

High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in GetSimple CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting vulnerability in GetSimple CMS: CVE-2010-5052 The vulnerability exists due to input sanitation error in the "val"...

Cross-site Scripting (XSS) Vulnerability in JComments Component for Joomla!

High-Tech Bridge SA Security Research Lab has discovered vulnerability in JComments component for Joomla! which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in JComments: CVE-2010-5048 The vulnerability exists due to input sanitation error i...

McAfee ePolicy Orchestrator Agent HTTP POST Handling Flaw (CVE-2004-0095)

McAfee Corporation is a major vendor of numerous anti-virus, network, and desktop security products which are deployed in consumer as well as enterprise environments. McAfee ePolicy Orchestrator is a central security management system to manage security policy, assess and enforce policy, notify...