148 matches found
CVE-2016-0871
The CVE-2016-0871 issue affects Eaton Lighting EG2 Web Control (V4.04P and prior). Root causes include CWE-565: Reliance on Cookies without Validation, and CWE-312: Cleartext Storage of Sensitive Information. A remote attacker could read configuration files and view credentials via a direct reque...
CVE-2016-2272
CVE-2016-2272 affects Eaton Lighting EG2 Web Control versions 4.04P and earlier. The ICS advisory notes an authentication bypass/root cause: reliance on cookies without proper validation/integrity, enabling a remote attacker to alter browser cookies and perform administrative actions that could c...
Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerability (CNVD-2016-02006)
The Eaton Lighting Systems EG2 Web Control is a controller product from Eaton Lighting Systems USA for Internet and Wi-Fi LAN connections to the iLumin network. An authentication bypass vulnerability exists in Eaton Lighting Systems EG2 Web Control version 4.04P and earlier. A remote attacker cou...
Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerability
The Eaton Lighting Systems EG2 Web Control is a controller product from Eaton Lighting Systems USA for Internet and Wi-Fi LAN connections to the iLumin network. An authentication bypass vulnerability exists in Eaton Lighting Systems EG2 Web Control V4.04P and prior versions. A remote attacker cou...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
Exploit for php platform in category web applications ============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/08 + Test...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities ============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/08 + Tested on : Elementary Os + Vendor Homepage :...
CVE-2014-2531
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx, (2) SiteWorx, or (3)...
Sql injection
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx, (2) SiteWorx, or (3)...
CVE-2014-2531
InterWorx Web Control Panel (InterWorx-CP) before 5.0.14 build 577 is vulnerable to SQL injection in xhr.php via the i parameter in the search action for NodeWorx, SiteWorx, and Resellers interfaces. Root cause is that the application constructs dynamic SQL by concatenating user input without pro...
InterWorx Web Control Panel Information Disclosure and XSS Vulnerability
InterWorx Web Control Panel is prone to information disclosure and XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Kloxo - SQL Injection and Remote Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper Ran...
PowerScripts PlusMail WebConsole 1.0 Poor Authentication Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/2653/info PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and passwor...
[CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12
============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-2035 Risk Level: Medium CVSSv2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Solution...
InterWorx Web Control Panel Cross Site Scripting Vulnerability
InterWorx Web Control Panel version 5.0.12 build 569 suffers from a cross site scripting vulnerability. ============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
InterWorx 5.0.13 Build 574 SQL Injection
================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531 Solution Status: Fixed in Version...
CVE-2014-2035
Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter...
CVE-2014-2035
InterWorx Web Control Panel (Product: InterWorx Web Control Panel / Vendor: InterWorx LLC) is affected by a Cross-Site Scripting (XSS) vulnerability in xhr.php that allows an attacker to inject arbitrary script via the i parameter. The issue is documented as CVE-2014-2035 with a confirmed fix in ...
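InterWorx Web Control Panel Cross-Site Scripting Vulnerability
CVE ID: CVE-2014-2035 InterWorx Web Control Panel is a web hosting control panel for managing servers and VPSs. InterWorx Web Control Panel has a reflected cross-site scripting vulnerability that allows a remote attacker to craft a malicious URI and lure a user into opening it; when the malicious data is viewed, the attacker can obtain sensitive information or hijack the user's session. 0 InterWorx Web Control Panel 5.0.12 build 569 Vendor patch: InterWorx Web Control Panel ----- InterWorx Web Control Panel 5.0.13 build...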