239 matches found
Junos Pulse Secure Meeting 8.0.5 Access Bypass
Profundis Labs Security Advisory https://profundis-labs.com/advisories/CVE-2015-7323.txt Product: ================================ Junos Pulse Secure Meeting Secure Meeting is a part of the Junos Puls Collaboration software, which allows you to organize and holding virtual meetings with internal...
用友致远A6协同管理高危漏洞二
简要描述: 用友致远A6协同管理高危漏洞二 详细说明: 该漏洞泄露了当前登录用户(所有登录的)的SessionID; 利用泄露的SessionID即可登录该用户,包括管理员,进入后getshell毫无压力 /yyoa/ext/https/getSessionList.jsp 部分代码 \r\n"; outXML += "\r\n"; // outXML += "\r\n"; // outXML += "\r\n"; outXML += "\r\n"; out.printlnoutXML; % 从上面的代码可知,当cmd参数为getAll时,便可获取到所有用户的SessionID 例如:...
InstantASP InstantForum.NET Multiple Cross-Site Scripting Vulnerabilities
InstantASP InstantForum.NET is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2014-9468
Multiple cross-site scripting XSS vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to 1 Join.aspx or 2 Logon.aspx...
CVE-2014-9468
InstantASP InstantForum.NET has multiple XSS vulnerabilities (CVE-2014-9468) affecting versions 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0 and 3.4.0. The issue is a reflected cross-site scripting vulnerability: attacker-supplied input in the SessionID parameter is echoed in Join.aspx or Logon.aspx, enabli...
InstantASP InstantForum.NET 3.x / 4.x Cross Site Scripting
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS Cross-Site Scripting Security Vulnerabilities Exploit Title: InstantASP InstantForum.NET Multiple XSS Cross-Site Scripting Security Vulnerabilities Product: InstantForum.NET Vendor: InstantASP Vulnerable Versions: v4.1.3 v4.1.1 v4.1.2 v4.0.0...
PHPMyRecipes 1.2.2 - 'dosearch.php?words_exact' SQL Injection
!/usr/bin/python import httplib from bs4 import BeautifulSoup import re import os Function that takes an SQL select statement and inject it into the wordsexact variable of dosearch.php Returns BeautifulSoup object def sqliselect: inject = '"' IN BOOLEAN MODE UNION ' + select + '' body =...
InstantASP 4.1 Logon.aspx SessionID Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22052/info InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...
NeoMail NeoMail.PL SessionID Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17728/info NeoMail is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
4images 1.7.1 member.php sessionid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17748/info 4Images is prone to multiple, unspecified SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successf...
CyberBuild 0 login.asp SessionID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17829/info CyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly...
4images 1.7.1 top.php sessionid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17748/info 4Images is prone to multiple, unspecified SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successf...
WatchGuard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
No description provided by source. !/usr/bin/perl -w Exploit Title: WatchGuard Firewall XTM version 11.7.4u1 - Remote buffer overflow exploit sessionid cookie Date: Oct 18 2013 Exploit Author: [email protected] a.k.a. [email protected] Vendor Homepage: http://www.watchguard.com Version: =...
Easy File Sharing Web Server SESSIONID Cookie Handling Buffer Overflow
Added: 05/29/2014 CVE: CVE-2014-3791 BID: 67406 OSVDB: 106965 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is...
Easy File Sharing Web Server SESSIONID Cookie Handling Buffer Overflow
Added: 05/29/2014 CVE: CVE-2014-3791 BID: 67406 OSVDB: 106965 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is...
Turbomail认证信息设计缺陷及存储型xss
简要描述: 漏洞1、任意用户认证信息劫持 漏洞2、跨站 漏洞3、内置账号弱口令 详细说明: 1、邮件系统直接把用户sessionid放置于url中,导致可利用图片探针轻易窃取到用户sessionid。 2、跨站漏洞,主要还是编辑器。 3、内置账号nobody默认口令为空,直接拿nobody搞到通讯录,然后就可以爆破其他人邮箱了,或者直接利用问题1劫持。 漏洞证明: 1、将图片探针插入到qq邮箱或其他邮箱img标签中发送给需要劫持的邮箱 对方在收到邮件阅读邮件时触发包含在邮件中的图片探针,手机第一时间收到包含sessionid的url...
Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
!/usr/bin/perl -w Exploit Title: WatchGuard Firewall XTM version 11.7.4u1 - Remote buffer overflow exploit sessionid cookie Date: Oct 18 2013 Exploit Author: [email protected] a.k.a. [email protected] Vendor Homepage: http://www.watchguard.com Version: = 11.7.4u1 Tested on: XTMv CVE :...
Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow !/usr/bin/perl -w Exploit Title: WatchGuard Firewall XTM version 11.7.4u1 - Remote buffer overflow exploit sessionid cookie Date: Oct 18 2013 Exploit Author: [email protected] a.k.a. [email protected] Vendor Homepage:...
Buffer overflow
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie...
CVE-2013-3586
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie...