3011 matches found
JBoss EAP unprivileged local xml file access
The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...
JBoss EAP unprivileged local xml file access
The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...
Microsoft Web Service client Version Detection
Binary data 4756.prm...
http-auth NSE Script
Retrieves the authentication scheme and realm of a web service that requires authentication. See also: http-auth-finder.nse http-brute.nse Script Arguments http-auth.path Define the request path slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size,...
OpenJDK JAX-WS unauthorized URL access (6542088)
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application...
phpizabi-traverse.txt
PHPizabi v0.848b traversal file access Vendor url:http://www.phpizabi.net/ Advisore:http://lostmon.blogspot.com/2008/08/ phpizabi-v0848b-traversal-file-access.html Vendor notify:no exploit available:yes Description By vendor page: PHPizabi is one of the most powerful social networking platforms o...
CAU-2008-0002: Microsoft Windows SharePoint Services Picture Source XSS
/ / | | | | ----====/ // / | || |====---- | | | || | | | | | | | | | | | | | ------====== / /| || || || |======------ / || || / Computer Academic Underground http://www.caughq.org Security Advisory ===============/======================================================== Advisory ID: CAU-2008-0002...
Computer Academic Underground Advisory 2008.2
/ \ / \ | | | | ----====/ /\/ /\ | || |====---- | | | || | | | | | | | | | | | | | ------======\ / /| || || || |======------ / || || / Computer Academic Underground http://www.caughq.org Security Advisory ===============/======================================================== Advisory ID:...
Microsoft IIS ASP远程代码执行漏洞(MS08-006)
BUGTRAQ ID: 27676 CVECAN ID: CVE-2008-0075 Microsoft Internet信息服务(IIS)是Microsoft Windows自带的一个网络信息服务器,其中包含HTTP服务功能。 IIS处理ASP网页输入的方式存在远程代码执行漏洞,允许攻击者向网站的ASP页面传送恶意输入。成功利用这个漏洞的攻击者可以在IIS服务器上以WPI的权限(默认配置为网络服务帐号权限)执行任意操作。 Microsoft IIS 6.0 Microsoft IIS 5.1 临时解决方法: 在Windows Server 2003上禁用传统风格ASP: 1...
MiniWeb 0.8.19 Multiple Remote Vulnerabilities
Exploit for unknown platform in category remote exploits ============================================== MiniWeb 0.8.19 Multiple Remote Vulnerabilities ============================================== MiniWeb Multiple Vulnerabilities Introduction MiniWeb is a mini HTTP server implementation written ...
Simple PHP Blog多个安全漏洞
Simple PHP Blog是一款基于PHP的网络日记程序。 Simple PHP Blog不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞对应用程序进行各种攻击。 问题包括如下: -IP伪造 -HTML注入 -会话固定 -开放EMAIL RELAY -本地文件包含 -跨站请求伪造 -任意文件上传。 攻击者利用这些问题可破坏受影响的应用程序,以WEB服务进程权限执行任意代码。发送任意恶意邮件,或窃取COOKIE等信息。 Simple PHP Blog Simple PHP Blog 0.5.1 Simple PHP Blog Simple PHP Blog 0.4.8 Simpl...
ifoto-traversal.txt
ifoto traversal folder enumeration Vendor url:http://ifoto.ireans.com/ Advisore:http://lostmon.blogspot.com/2007/07/ ifoto-traversal-folder-enumeration.html vendor notify:no exploit include:yes ifoto contains a flaw that allows a remote traversal arbitrary folder enumeration.This flaw exists...
Information disclosure
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information...
CVE-2007-2698
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information...
CVE-2007-2698
Summary: CVE-2007-2698 affects BEA WebLogic Server 9.0 Administr ation Console. The issue allows an attacker to view plaintext Web Service attributes during configuration creation, potentially exposing sensitive credentials. The published CVSS v2 base score is 5.0 (Medium): Network access, low at...
CVE-2007-2698
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information...
Web Service Deluxe News Manager 1.0.1 Deluxe - footer.php Local File Inclusion
Web Service Deluxe News Manager 1.0.1 Deluxe - footer.php Local File Inclusion source: https://www.securityfocus.com/bid/23499/info News Manager Deluxe is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an...
DevTrack Web Service UserName Field SQL Injection
The remote host is running DevTrack, a defect and project tracking tool. The DevTrack Web Services component installed on the remote host contains an ASP script that fails to sanitize user-supplied input to the 'UserName' parameter before using it in a database query. An unauthenticated, remote...
MailEnable Authorization Header Buffer Overflow
This module exploits a remote buffer overflow in the MailEnable web service. The vulnerability is triggered when a large value is placed into the Authorization header of the web request. MailEnable Enterprise Edition versions prior to 1.0.5 and MailEnable Professional versions prior to 1.55 are...
FreeBSD : awstats -- arbitrary code execution vulnerability (e86fbb5f-0d04-11da-bc08-0001020eed82)
An iDEFENSE Security Advisory reports : Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part...