169 matches found
Syncrify Server <= 3.6 Build 833 - CSRF / XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Multiple vulnerabilities in Syncrify Server 3.6 Build 833 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: email protected Vendor Homepage: http://www.synametrics.com Software Link:...
SynTail 1.5 Build 566 CSRF / Cross Site Scripting
Exploit Title: Multiple vulnerabilities in SynTail 1.5 Build 566 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SynTailDownload.htm Version: 1.5 Build 566...
SynaMan 3.4 Build 1436 CSRF / Cross Site Scripting
Exploit Title: Multiple vulnerabilities in SynaMan 3.4 Build 1436 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SynaManDownload.htm Version: 3.4 Build 143...
SynaMan 3.4 Build 1436 - Multiple Vulnerabilities
Exploit Title: Multiple vulnerabilities in SynaMan 3.4 Build 1436 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SynaManDownload.htm Version: 3.4 Build 143...
Syncrify Server 3.6 Build 833 - Multiple Vulnerabilities
Exploit Title: Multiple vulnerabilities in Syncrify Server 3.6 Build 833 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SyncrifyDownload.htm Version: 3.6...
Xeams 4.5 Build 5755 - Multiple Vulnerabilities
Exploit Title: Multiple vulnerabilities in Xeams 4.5 Build 5755 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/XeamsDownload.htm Version: 4.5 Build 5755...
Syncrify Server 3.6 Build 833 CSRF / Cross Site Scripting
Exploit Title: Multiple vulnerabilities in Syncrify Server 3.6 Build 833 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SyncrifyDownload.htm Version: 3.6...
SynaMan 3.4 Build 1436 - Multiple Vulnerabilities
SynaMan 3.4 Build 1436 - Multiple Vulnerabilities Exploit Title: Multiple vulnerabilities in SynaMan 3.4 Build 1436 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link:...
SynTail 1.5 Build 566 - Multiple Vulnerabilities
SynTail 1.5 Build 566 - Multiple Vulnerabilities Exploit Title: Multiple vulnerabilities in SynTail 1.5 Build 566 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link:...
致远A8-V5存在任意用户密码修改漏洞
简要描述: 致远A8-V5存在两个漏洞 一是无视验证码撞库 二是任意用户密码修改 详细说明: 一是无视验证码撞库 致远A8-V5在设计时存在逻辑错误,用户修改密码时对原密码进行了验证,但是验证使用的服务存在未授权访问漏洞,系统对非合法请求的原密码验证功能进行回应,导致了无视验证码,无需login页面进行密码尝试 二是任意用户密码修改 致远A8-V5在设计时存在逻辑错误,在上一步对原始密码进行验证后,下一步不再检测原始密码,从而直接修改用户密码,导致平行权限的越权漏洞。 漏洞证明: 一是无视验证码撞库 POST穷举用户和密码代码如下 GET...
ArcSight Logger - Arbitrary File Upload Code Execution
ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...
Mutiny 5 Arbitrary File Upload
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
CVE-2013-4617
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Design/Logic Flaw
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2013-4617
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
VMware Hyperic HQ Groovy Script-Console Java Execution Vulnerability
This Metasploit module uses the VMware Hyperic HQ Groovy script console to execute OS commands using Java. Valid credentials for an application administrator user account are required. This Metasploit module has been tested successfully with Hyperic HQ 4.6.6 on Windows 2003 SP2 and Ubuntu 10.04...
VMware Hyperic HQ Groovy Script-Console Java Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'VMware Hyperic HQ...
Web: jsessionid exposed via encoded url when using cookie based session tracking
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id 1 via a man-in-the-middle attack ...
CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Packetninjas L.L.C www.packetninjas.net -= Security Advisory =- Advisory: Zeacom Chat Server JSESSIONID weak SessionID Vulnerability Release Date: unknown Last Modified: 09/27/2010 Author: Daniel Clemens daniel.clemensatpacketninjas.net Application:...
CVE-2010-0217
Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service Chat Server crash or Tomcat daemon crash via a brute-force attack...