705 matches found
Report: Websites Getting Safer, Yet XSS Bugs Persist
The number of vulnerabilities in the average Web site is actually decreasing, one of the more surprising findings in an annual study done by WhiteHat Security. The 30-page report is the culmination of a project in which the firm combed through approximately 7,000 websites and discovered 79 seriou...
CVE-2011-5028
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. dot dot in the filename parameter...
Directory traversal
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. dot dot in the filename parameter...
CVE-2011-5028
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. dot dot in the filename parameter...
CVE-2011-5028
CVE-2011-5028 is a directory traversal vulnerability in Novell Sentinel Log Manager, affecting 1.2.0.1_938 and earlier versions when used in Novell Sentinel before 7.0.1.0. The issue resides in novelllogmanager/FileDownload, where an authenticated user can supply a filename parameter containing a...
Novell Sentinel Log Manager <=1.2.0.1 Path Traversal
Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...
Novell Sentinel Log Manager 1.2.0.1 Directory Traversal
Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...
novell sentinel log manager 1.2.0.1 - Directory Traversal
novell sentinel log manager 1.2.0.1 - Directory Traversal Exploit Title: Novell Sentinel Log Manager directory traversal Date: 2011-12-18 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.novell.com/ Version: = 1.2.0.1 Tested on: Sentinel Log Manager Appliance 1.2.0.1 CVE: 2011-5028 The...
novell sentinel log manager 1.2.0.1 - Directory Traversal
Exploit Title: Novell Sentinel Log Manager directory traversal Date: 2011-12-18 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.novell.com/ Version: = 1.2.0.1 Tested on: Sentinel Log Manager Appliance 1.2.0.1 CVE: 2011-5028 The latest version of Sentinel Log Manager is prone to a...
CVE-2011-3339
Cross-site scripting XSS vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP formerly Aladdin HASP SRM run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies 7T IGSS 7 and other products, when Firefox 2.0 ...
Cross site scripting
Cross-site scripting XSS vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP formerly Aladdin HASP SRM run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies 7T IGSS 7 and other products, when Firefox 2.0 ...
CVE-2011-3339
The CVE-2011-3339 entry describes an XSS vulnerability in the Admin Control Center of SafeNet Sentinel HASP/SRM, affecting HASP Run-time Environment 5.95 and earlier, with installers before 6.x and SDKs before 5.11. The issue arises from inadequate input validation in the web application, which c...
CVE-2011-3339
Cross-site scripting XSS vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP formerly Aladdin HASP SRM run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies 7T IGSS 7 and other products, when Firefox 2.0 ...
UDP Service Prober
Detect common UDP services using sequential probes This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'UDP Service Prober', 'Description' = 'Detect common UDP services using...
CVE-2011-1913
SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2011-1913
Mercator SENTINEL 2.0 contains an SQL injection in the web interface login form that could allow remote attackers to execute arbitrary SQL commands. CERT-NETPEAS notes it could enable authentication bypass to gain administrative access. The issue is addressed in SENTINEL version 2.0.1.0; upgrade ...
CVE-2011-1913
SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Mercator SENTINEL SQL injection allows authentication bypass
Overview Mercator SENTINEL contains an SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges. Description Mercator SENTINEL is a flight safety management system. The login form of the web interface contains an SQL...
Safenet Sentinel and 7-T Input Sanitization Vulnerability
Overview ICS-CERT originally released advisory ICSA-11-314-01P on the US-CERT secure portal on November 14, 2011. This web page release was delayed to allow users time to download and install the update. Security researcher Carlos Mario Penagos Hollman of Synapse-labs has identified an input...