Lucene search
K

169 matches found

0day.today
0day.today
added 2015/05/09 12:0 a.m.31 views

Syncrify Server <= 3.6 Build 833 - CSRF / XSS Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Multiple vulnerabilities in Syncrify Server 3.6 Build 833 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: email protected Vendor Homepage: http://www.synametrics.com Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/05/08 12:0 a.m.59 views

SynTail 1.5 Build 566 CSRF / Cross Site Scripting

Exploit Title: Multiple vulnerabilities in SynTail 1.5 Build 566 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SynTailDownload.htm Version: 1.5 Build 566...

5.2CVSS8.9AI score0.01293EPSS
Exploits3
Packet Storm
Packet Storm
added 2015/05/08 12:0 a.m.41 views

SynaMan 3.4 Build 1436 CSRF / Cross Site Scripting

Exploit Title: Multiple vulnerabilities in SynaMan 3.4 Build 1436 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SynaManDownload.htm Version: 3.4 Build 143...

5.2CVSS8.9AI score0.01293EPSS
Exploits3
Exploit DB
Exploit DB
added 2015/05/08 12:0 a.m.32 views

SynaMan 3.4 Build 1436 - Multiple Vulnerabilities

Exploit Title: Multiple vulnerabilities in SynaMan 3.4 Build 1436 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SynaManDownload.htm Version: 3.4 Build 143...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/05/08 12:0 a.m.25 views

Syncrify Server 3.6 Build 833 - Multiple Vulnerabilities

Exploit Title: Multiple vulnerabilities in Syncrify Server 3.6 Build 833 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SyncrifyDownload.htm Version: 3.6...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/05/08 12:0 a.m.24 views

Xeams 4.5 Build 5755 - Multiple Vulnerabilities

Exploit Title: Multiple vulnerabilities in Xeams 4.5 Build 5755 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/XeamsDownload.htm Version: 4.5 Build 5755...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/05/08 12:0 a.m.34 views

Syncrify Server 3.6 Build 833 CSRF / Cross Site Scripting

Exploit Title: Multiple vulnerabilities in Syncrify Server 3.6 Build 833 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SyncrifyDownload.htm Version: 3.6...

5.2CVSS0.1AI score0.01293EPSS
Exploits3
exploitpack
exploitpack
added 2015/05/08 12:0 a.m.16 views

SynaMan 3.4 Build 1436 - Multiple Vulnerabilities

SynaMan 3.4 Build 1436 - Multiple Vulnerabilities Exploit Title: Multiple vulnerabilities in SynaMan 3.4 Build 1436 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link:...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2015/05/08 12:0 a.m.12 views

SynTail 1.5 Build 566 - Multiple Vulnerabilities

SynTail 1.5 Build 566 - Multiple Vulnerabilities Exploit Title: Multiple vulnerabilities in SynTail 1.5 Build 566 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link:...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2015/03/31 12:0 a.m.290 views

致远A8-V5存在任意用户密码修改漏洞

简要描述: 致远A8-V5存在两个漏洞 一是无视验证码撞库 二是任意用户密码修改 详细说明: 一是无视验证码撞库 致远A8-V5在设计时存在逻辑错误,用户修改密码时对原密码进行了验证,但是验证使用的服务存在未授权访问漏洞,系统对非合法请求的原密码验证功能进行回应,导致了无视验证码,无需login页面进行密码尝试 二是任意用户密码修改 致远A8-V5在设计时存在逻辑错误,在上一步对原始密码进行验证后,下一步不再检测原始密码,从而直接修改用户密码,导致平行权限的越权漏洞。 漏洞证明: 一是无视验证码撞库 POST穷举用户和密码代码如下 GET...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2015/03/13 12:0 a.m.38 views

ArcSight Logger - Arbitrary File Upload Code Execution

ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...

9CVSS0.2AI score0.117EPSS
Exploits2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Mutiny 5 Arbitrary File Upload

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
NVD
NVD
added 2013/11/27 6:55 p.m.26 views

CVE-2013-4617

Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

5CVSS6.1AI score0.01257EPSS
Exploits1References1
Prion
Prion
added 2013/11/27 6:55 p.m.16 views

Design/Logic Flaw

Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

5CVSS6.6AI score0.01257EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2013/11/27 6:0 p.m.26 views

CVE-2013-4617

Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

6.1AI score0.01257EPSS
Exploits1References1
0day.today
0day.today
added 2013/10/12 12:0 a.m.21 views

VMware Hyperic HQ Groovy Script-Console Java Execution Vulnerability

This Metasploit module uses the VMware Hyperic HQ Groovy script console to execute OS commands using Java. Valid credentials for an application administrator user account are required. This Metasploit module has been tested successfully with Hyperic HQ 4.6.6 on Windows 2003 SP2 and Ubuntu 10.04...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2013/10/11 12:0 a.m.25 views

VMware Hyperic HQ Groovy Script-Console Java Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'VMware Hyperic HQ...

0.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/05/20 2:27 p.m.5 views

Web: jsessionid exposed via encoded url when using cookie based session tracking

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id 1 via a man-in-the-middle attack ...

4.3CVSS6.3AI score0.01977EPSS
Exploits0References4
securityvulns
securityvulns
added 2011/05/21 12:0 a.m.71 views

CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Packetninjas L.L.C www.packetninjas.net -= Security Advisory =- Advisory: Zeacom Chat Server JSESSIONID weak SessionID Vulnerability Release Date: unknown Last Modified: 09/27/2010 Author: Daniel Clemens daniel.clemensatpacketninjas.net Application:...

5.8CVSS0.2AI score0.01282EPSS
Exploits1
NVD
NVD
added 2011/05/20 10:55 p.m.20 views

CVE-2010-0217

Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service Chat Server crash or Tomcat daemon crash via a brute-force attack...

5.8CVSS6.6AI score0.01282EPSS
Exploits1References5
Rows per page
Query Builder