150 matches found
CVE-2014-2035
InterWorx Web Control Panel (Product: InterWorx Web Control Panel / Vendor: InterWorx LLC) is affected by a Cross-Site Scripting (XSS) vulnerability in xhr.php that allows an attacker to inject arbitrary script via the i parameter. The issue is documented as CVE-2014-2035 with a confirmed fix in ...
InterWorx Web Control Panel跨站脚本漏洞
CVE ID:CVE-2014-2035 InterWorx Web Control Panel是一个用于管理服务器和VPS WEB主机控制面板。 InterWorx Web Control Panel存在反射型跨站脚本漏洞,允许远程攻击者利用漏洞构建恶意URI,诱使用户解析,当恶意数据被查看时,可获取敏感信息或劫持用户会话。 0 InterWorx Web Control Panel 5.0.12 build 569 厂商补丁: InterWorx Web Control Panel ----- InterWorx Web Control Panel 5.0.13 build...
InterWorx Web Control Panel Cross Site Scripting
============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-2035 Risk Level: Medium CVSSv2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Solution...
Kloxo SQL Injection / Remote Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Kloxo SQL Injection and Remote Code Execution', 'Description' = %q This module exploits an unauthenticated SQL injection vulnerabilit...
Kloxo SQL Injection / Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as exploited in the wild on January 2014. The SQL injection issue can be abused in order to retrieve the Kloxo admin cleartext password from the database. With admin access to the web control panel,...
Kloxo SQL Injection and Remote Code Execution
This module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as exploited in the wild on January 2014. The SQL injection issue can be abused in order to retrieve the Kloxo admin cleartext password from the database. With admin access to the web control panel, remote PHP co...
phpMyAdmin 'show_config_errors.php'完整路径信息泄露漏洞
BUGTRAQ ID: 55057 CVE ID: CVE-2012-4219 phpMyAdmin是一个用PHP编写的,可以通过web方式控制和操作MySQL数据库。 phpMyAdmin 3.5.2.1之前的3.5.x在实现上存在安全漏洞,攻击者可利用此漏洞获取敏感信息。 0 phpMyAdmin 3.5.x 厂商补丁: phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.phpmyadmin.net/homepage/security/...
DirectAdmin v1.403 - Cross Site Scripting Vulnerability
Title: ====== DirectAdmin v1.403 - Cross Site Scripting Vulnerability Date: ===== 2012-04-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=486 VL-ID: ===== 486 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...
DirectAdmin 1.403 Cross Site Scripting
Title: ====== DirectAdmin v1.403 - Cross Site Scripting Vulnerability Date: ===== 2012-04-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=486 VL-ID: ===== 486 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...
Debian DSA-2365-1 : dtc - several vulnerabilities
Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services : - CVE-2011-3195 A possible shell insertion has been found in the mailing list handling. - CVE-2011-3196 Unix rights for the apache2.conf wer...
phpMyAdmin 3.4.8之前版本多个跨站脚本执行漏洞
BUGTRAQ ID: 51099 CVE ID: CVE-2011-4634 phpMyAdmin是一个用PHP编写的,可以通过web方式控制和操作MySQL数据库。 phpMyAdmin 3.4.8之前版本在实现上存在多个跨站脚本执行漏洞,远程攻击者可利用这些漏洞在受影响站点的用户浏览器中执行任意脚本代码,窃取Cookie身份验证凭证。 使用特制的数据库名称,可能会在数据库同步和数据库重命名面板中执行XSS。使用无效的和特制的SQL查询,在表格全览面板上编辑查询时造成XSS或在使用创建视图对话框时执行XSS。使用特制的列类型,可能在表格搜索或创建索引对话框时执行XSS 0...
phpMyAdmin "simplexml_load_string()"函数信息泄露漏洞
BUGTRAQ ID: 50497 phpMyAdmin是一个用PHP编写的,可以通过web方式控制和操作MySQL数据库。 phpMyAdmin在simplexmlloadstring函数的实现上存在信息泄露漏洞,攻击者可利用此漏洞在服务器中读取任意文件。 phpMyAdmin 3.x phpMyAdmin 2.x 厂商补丁: phpMyAdmin ---------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.phpmyadmin.net/homepage/security/...
phpMyAdmin多个HTML注入漏洞
BUGTRAQ ID: 49648 phpMyAdmin是一个用PHP编写的,可以通过 web 方式控制和操作 MySQL 数据库。 phpMyAdmin在实现上存在多个HTML注入安全漏洞,远程攻击者可利用这些漏洞在受影响站点的用户浏览器中执行任意脚本代码,窃取cookie凭证。 1)在联机编辑和保存后,某些行内容的输入没有正确过滤就开始使用了,可被利用在查看恶意数据时执行插入的任意HTML和脚本代码。 2)传递到表格、列和索引名称的某些输入在使用前没有正确过滤,可被利用插入任意HTML和脚本代码,然后在查看时在用户浏览器中执行。 phpMyAdmin 3.x 厂商补丁:...
Ileys Web Control 2.0 SQL Injection
x Exploit Title: Powered by: Ileys Web Control 2.0 SQL Ýnjection Vulnerability view.php x Date: 25/07/2011 x Author: 3spi0n x HomePage: Http://Www.3spi0n.NET | Http://Twitter.Com/RigidusCO | CrypTR.ORG x E-Mail: 3spi0natgmaildotcom x Software Link: http://ileystechnology.com/ x Category: WebApps ...
Debian Security Advisory DSA 2179-1 (dtc)
The remote host is missing an update to dtc announced via advisory DSA 2179-1. OpenVAS Vulnerability Test $Id: deb21791.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2179-1 dtc Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
[SECURITY] [DSA 2179-1] dtc security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2179-1 [email protected] http://www.debian.org/security/ Florian Weimer March 02, 2011 http://www.debian.org/security/faq -...
Debian DSA-2179-1 : dtc - SQL injection
Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services. - CVE-2011-0434 The bwpermoth.php graph contains a SQL injection vulnerability. - CVE-2011-0435 Insufficient checks in bwpermonth.php can lead to bandwidth usage information...
[SECURITY] [DSA 2179-1] dtc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2179-1 [email protected] http://www.debian.org/security/ Florian Weimer March 02, 2011 http://www.debian.org/security/faq -...
dtc -- multiple vulnerabilities
Ansgar Burchardt reports: Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services: The bwpermoth.php graph contains an SQL injection vulnerability; insufficient checks in bwpermonth.php can lead to bandwidth usage information...
DSA-2179-1 dtc - SQL injection
Bulletin has no description...