330 matches found
Design/Logic Flaw
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors...
CVE-2013-0472
The vulnerability CVE-2013-0472 affects IBM Tivoli Storage Manager Client Web GUI in TSM Client versions 6.3.x before 6.3.1.0 and 6.4.x before 6.4.0.1, enabling unauthorized access to the TSM server via the Web GUI (vector: network). IBM lists affected products/versions and provides fixes: 6.3 →...
SAP Web GUI Login Brute Forcer
This module attempts to brute force SAP username and passwords through the SAP Web GUI service. Default clients can be tested without needing to set a CLIENT. Common and default user/password combinations can be tested just setting the DEFAULTCRED variable to true. The...
Western Digital ShareSpace WEB GUI Information Disclosure
The web server for the Western Digital ShareSpace device identified is affected by an information disclosure vulnerability due to an improper configuration of access rights for the configuration file 'config.xml'. An attacker can directly access the 'config.xml' file without authentication and vi...
Multiple vulnerabilities in Web GUI of UTM-1 Edge, Safe@Office and ZoneAlarm appliances
...
SQL injection
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."...
CVE-2011-1343
CVE-2011-1343 : A SQL injection in the Web GUI of IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL via dynamic SQL parameters. Affected product is Netcool/OMNIbus (Web GUI) with vulnerability in dynamic SQL parameter handling. Impact per sources: arbitrar...
VulnCheck KEV: CVE-2000-0248
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands...
Buffer overflow
Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code vi...
Stack overflow
Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote...
CVE-2008-4828
Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote...
CVE-2009-1520
Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code vi...
Addonics NAS Adapter Post-Auth Denial of Service Exploit
No description provided by source. !/bin/bash Addonics NAS Adapter Post-Auth DoS Tested against R3282-1.33c LOADER32 1.15, and NASU2FW41 Loader 1.17 Coded by Mike Cyr, aka h00die mcyr2 at csc dotcom Notes: Any of these BoF crashes the entire stack from the web GUI so throw a GET, and bye bye baby...
Addonics NAS Adapter Denial Of Service
!/bin/bash Addonics NAS Adapter Post-Auth DoS Tested against R3282-1.33c LOADER32 1.15, and NASU2FW41 Loader 1.17 Coded by Mike Cyr, aka h00die mcyr2 at csc dotcom Notes: Any of these BoF crashes the entire stack from the web GUI so throw a GET, and bye bye baby! Greetz to muts and loganWHD, I...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/...
CVE-2008-2421
CVE-2008-2421 concerns a Cross-site Scripting (XSS) vulnerability in the Web GUI of SAP Web Application Server (WAS) 7.0, affecting Web Dynpro for ABAP (WD4A/WDA) and Web Dynpro for BSP. The issue allows remote attackers to inject arbitrary web script or HTML via PATH_INFO to the default URI unde...
promise-root.txt
List, There is a bug in the Promise NAS NS4300N web GUI firmware version 1.1.0.5 which allows an authenticated admin user to change the password of the 'root' account. The user management portion of the web interface allows the admin user to change user's passwords. The PHP script that handles th...