371 matches found
MantisBT 1.1.0 < 1.2.16 Multiple Vulnerabilities
According to its version number, the MantisBT install hosted on the remote web server is 1.1.0 or later but prior to 1.2.16. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting flaw exists with the 'account_sponsor_page.php' where the 'project_id' parameter is not...
Zimbra Collaboration Server LFI
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 'Zimbra Collaboration Server LFI', 'Description' = %q This module exploits a local file inclusion on Zimbra...
Zimbra Collaboration Server LFI
This module exploits a local file inclusion on Zimbra 8.0.2 and 7.2.2. The vulnerability allows an attacker to get the LDAP credentials from the localconfig.xml file. The stolen credentials allow the attacker to make requests to the service/admin/soap API. This can then be used to create an...
CVE-2013-7091
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LD...
Cisco Unified Communications Manager (CUCM) Web Detection
The web interface for Cisco Unified Communications Manager (CUCM) was detected. Note: This plugin does not report anything. It only collects version information to be used downstream. (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(70088); script_version("1.8");...
Zoom Telephonics X4/X5 ADSL Modem - Multiple Vulnerabilities
Zoom Telephonics X4/X5 ADSL Modem - Multiple Vulnerabilities Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions...
Zoom X4 / X5 SQL Injection / Authentication Bypass Vulnerabilities
Zoom X4 and X5 modems suffer from authentication bypass and remote SQL injection vulnerabilities. Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3...
REST session not terminated
This issue deals with how JIRA manages session requests to the REST/SOAP API. The related issue JRA-27050 deals with session management for web crawlers. The related issue JRA-27047 deals with session management for stateless requests to the REST/SOAP API. Expected behavior: 1. On...
VMware vCenter SOAP API Settings
Binary data vmwarevcentersettings.nbin...
HP SiteScope SOAP Call APIPreferenceImpl Security Bypass
Added: 10/22/2012 CVE: CVE-2012-3261 BID: 55269 OSVDB: 85796 Background HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and...
FreeBSD Ports: mantis
The remote host is missing an update to the system as announced in the referenced advisory. VID 55587adb-b49d-11e1-8df1-0004aca374af OpenVAS Vulnerability Test Description: Auto generated from VID 55587adb-b49d-11e1-8df1-0004aca374af Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
CVE-2012-1123
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password...
CVE-2012-1120
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes...
Authentication flaw
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password...
Code injection
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes...