Lucene search
K

150 matches found

CVE
CVE
added 2014/02/27 3:0 p.m.55 views

CVE-2014-2035

InterWorx Web Control Panel (Product: InterWorx Web Control Panel / Vendor: InterWorx LLC) is affected by a Cross-Site Scripting (XSS) vulnerability in xhr.php that allows an attacker to inject arbitrary script via the i parameter. The issue is documented as CVE-2014-2035 with a confirmed fix in ...

4.3CVSS5.7AI score0.01158EPSS
Exploits3References3Affected Software1
seebug.org
seebug.org
added 2014/02/25 12:0 a.m.44 views

InterWorx Web Control Panel跨站脚本漏洞

CVE ID:CVE-2014-2035 InterWorx Web Control Panel是一个用于管理服务器和VPS WEB主机控制面板。 InterWorx Web Control Panel存在反射型跨站脚本漏洞,允许远程攻击者利用漏洞构建恶意URI,诱使用户解析,当恶意数据被查看时,可获取敏感信息或劫持用户会话。 0 InterWorx Web Control Panel 5.0.12 build 569 厂商补丁: InterWorx Web Control Panel ----- InterWorx Web Control Panel 5.0.13 build...

4.3CVSS6.5AI score0.01158EPSS
Exploits3
Packet Storm
Packet Storm
added 2014/02/22 12:0 a.m.35 views

InterWorx Web Control Panel Cross Site Scripting

============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-2035 Risk Level: Medium CVSSv2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Solution...

4.3CVSS0.01158EPSS
Exploits3
Packet Storm
Packet Storm
added 2014/02/11 12:0 a.m.17 views

Kloxo SQL Injection / Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Kloxo SQL Injection and Remote Code Execution', 'Description' = %q This module exploits an unauthenticated SQL injection vulnerabilit...

0.6AI score
Exploits0
0day.today
0day.today
added 2014/02/11 12:0 a.m.23 views

Kloxo SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as exploited in the wild on January 2014. The SQL injection issue can be abused in order to retrieve the Kloxo admin cleartext password from the database. With admin access to the web control panel,...

9AI score
Exploits0
Metasploit
Metasploit
added 2014/02/05 8:18 p.m.15 views

Kloxo SQL Injection and Remote Code Execution

This module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as exploited in the wild on January 2014. The SQL injection issue can be abused in order to retrieve the Kloxo admin cleartext password from the database. With admin access to the web control panel, remote PHP co...

9AI score
Exploits0
seebug.org
seebug.org
added 2012/08/18 12:0 a.m.39 views

phpMyAdmin 'show_config_errors.php'完整路径信息泄露漏洞

BUGTRAQ ID: 55057 CVE ID: CVE-2012-4219 phpMyAdmin是一个用PHP编写的,可以通过web方式控制和操作MySQL数据库。 phpMyAdmin 3.5.2.1之前的3.5.x在实现上存在安全漏洞,攻击者可利用此漏洞获取敏感信息。 0 phpMyAdmin 3.5.x 厂商补丁: phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.phpmyadmin.net/homepage/security/...

5CVSS6.4AI score0.023EPSS
Exploits2
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.107 views

DirectAdmin v1.403 - Cross Site Scripting Vulnerability

Title: ====== DirectAdmin v1.403 - Cross Site Scripting Vulnerability Date: ===== 2012-04-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=486 VL-ID: ===== 486 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2012/04/02 12:0 a.m.23 views

DirectAdmin 1.403 Cross Site Scripting

Title: ====== DirectAdmin v1.403 - Cross Site Scripting Vulnerability Date: ===== 2012-04-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=486 VL-ID: ===== 486 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/01/12 12:0 a.m.29 views

Debian DSA-2365-1 : dtc - several vulnerabilities

Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services : - CVE-2011-3195 A possible shell insertion has been found in the mailing list handling. - CVE-2011-3196 Unix rights for the apache2.conf wer...

6.5CVSS5.6AI score0.01555EPSS
Exploits0References22
seebug.org
seebug.org
added 2011/12/19 12:0 a.m.44 views

phpMyAdmin 3.4.8之前版本多个跨站脚本执行漏洞

BUGTRAQ ID: 51099 CVE ID: CVE-2011-4634 phpMyAdmin是一个用PHP编写的,可以通过web方式控制和操作MySQL数据库。 phpMyAdmin 3.4.8之前版本在实现上存在多个跨站脚本执行漏洞,远程攻击者可利用这些漏洞在受影响站点的用户浏览器中执行任意脚本代码,窃取Cookie身份验证凭证。 使用特制的数据库名称,可能会在数据库同步和数据库重命名面板中执行XSS。使用无效的和特制的SQL查询,在表格全览面板上编辑查询时造成XSS或在使用创建视图对话框时执行XSS。使用特制的列类型,可能在表格搜索或创建索引对话框时执行XSS 0...

4.3CVSS6.4AI score0.0221EPSS
Exploits1
seebug.org
seebug.org
added 2011/11/04 12:0 a.m.15 views

phpMyAdmin "simplexml_load_string()"函数信息泄露漏洞

BUGTRAQ ID: 50497 phpMyAdmin是一个用PHP编写的,可以通过web方式控制和操作MySQL数据库。 phpMyAdmin在simplexmlloadstring函数的实现上存在信息泄露漏洞,攻击者可利用此漏洞在服务器中读取任意文件。 phpMyAdmin 3.x phpMyAdmin 2.x 厂商补丁: phpMyAdmin ---------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.phpmyadmin.net/homepage/security/...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2011/09/18 12:0 a.m.19 views

phpMyAdmin多个HTML注入漏洞

BUGTRAQ ID: 49648 phpMyAdmin是一个用PHP编写的,可以通过 web 方式控制和操作 MySQL 数据库。 phpMyAdmin在实现上存在多个HTML注入安全漏洞,远程攻击者可利用这些漏洞在受影响站点的用户浏览器中执行任意脚本代码,窃取cookie凭证。 1)在联机编辑和保存后,某些行内容的输入没有正确过滤就开始使用了,可被利用在查看恶意数据时执行插入的任意HTML和脚本代码。 2)传递到表格、列和索引名称的某些输入在使用前没有正确过滤,可被利用插入任意HTML和脚本代码,然后在查看时在用户浏览器中执行。 phpMyAdmin 3.x 厂商补丁:...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2011/07/25 12:0 a.m.68 views

Ileys Web Control 2.0 SQL Injection

x Exploit Title: Powered by: Ileys Web Control 2.0 SQL Ýnjection Vulnerability view.php x Date: 25/07/2011 x Author: 3spi0n x HomePage: Http://Www.3spi0n.NET | Http://Twitter.Com/RigidusCO | CrypTR.ORG x E-Mail: 3spi0natgmaildotcom x Software Link: http://ileystechnology.com/ x Category: WebApps ...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2011/03/09 12:0 a.m.19 views

Debian Security Advisory DSA 2179-1 (dtc)

The remote host is missing an update to dtc announced via advisory DSA 2179-1. OpenVAS Vulnerability Test $Id: deb21791.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2179-1 dtc Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

7.5CVSS0.4AI score0.01973EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/03 12:0 a.m.80 views

[SECURITY] [DSA 2179-1] dtc security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2179-1 [email protected] http://www.debian.org/security/ Florian Weimer March 02, 2011 http://www.debian.org/security/faq -...

7.5CVSS1AI score0.01973EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/03/03 12:0 a.m.19 views

Debian DSA-2179-1 : dtc - SQL injection

Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services. - CVE-2011-0434 The bwpermoth.php graph contains a SQL injection vulnerability. - CVE-2011-0435 Insufficient checks in bwpermonth.php can lead to bandwidth usage information...

7.5CVSS5.6AI score0.01973EPSS
Exploits0References10
Debian
Debian
added 2011/03/02 8:57 p.m.18 views

[SECURITY] [DSA 2179-1] dtc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2179-1 [email protected] http://www.debian.org/security/ Florian Weimer March 02, 2011 http://www.debian.org/security/faq -...

7.5CVSS6.9AI score0.01973EPSS
Exploits0
FreeBSD
FreeBSD
added 2011/03/02 12:0 a.m.18 views

dtc -- multiple vulnerabilities

Ansgar Burchardt reports: Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services: The bwpermoth.php graph contains an SQL injection vulnerability; insufficient checks in bwpermonth.php can lead to bandwidth usage information...

7.5CVSS0.9AI score0.01973EPSS
Exploits0References1
OSV
OSV
added 2011/03/02 12:0 a.m.19 views

DSA-2179-1 dtc - SQL injection

Bulletin has no description...

7.5CVSS6AI score0.01973EPSS
Exploits0
Rows per page
Query Builder