832 matches found
CVE-2007-5058
The CVE-2007-5058 issue affects the Barracuda Spam Firewall web administration interface. Affected component: login handling in the Web UI where the username field can inject arbitrary script/HTML when the Monitor Web Syslog screen is open. Root cause: improper handling of input in the login cont...
[ISR] - Barracuda Spam Firewall. Cross-Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 || ISR || || Infobyte Security Research || www.infobyte.com.ar || 09.21.2007 || .:: SUMMARY Barracuda Spam Firewall Cross-Site Scripting Version: Barracuda Spam Firewall firmware v3.4.10.102 It is suspected that all previous versions of Barracuda Sp...
Nullsoft Shoutcast Server crossite scripting
Crossite scripting with web administration log...
IP3 NetAccess directory traversal
Directory traversal in Web administration interface...
ashopcom-xss.txt
Ashop Commerce provides a turn-key ecommerce solution with it's revolutionary online store building software. One of the worlds most easy to use web based administrations with award winning features allows the merchant to set up an online store capable of competing with the webs most powerful...
[ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS
============================================= INTERNET SECURITY AUDITORS ALERT 2006-007 - Original release date: April 27, 2006 - Last revised: December 1, 2006 - Discovered by: Jesus Olmos Gonzalez - Severity: 2/5 ============================================= I. VULNERABILITY...
JVN#93484133 TeraStation HD-HTGL series cross-site request forgery vulnerability
Impact If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk. Solution Products Affected HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier...
CVE-2006-3567
Cross-site scripting XSS vulnerability in the web administration interface logging feature in Juniper Networks Redline DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field...
CVE-2006-3567
Cross-site scripting XSS vulnerability in the web administration interface logging feature in Juniper Networks Redline DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field...
[SA20990] Juniper Networks DX System Log Script Insertion
---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Reversing must be a passion as your skills will be challenged on a daily basis and you will be working several hours everyday in IDA, Ollydbg, and with BinDiff. Often, it is also requir...
Juniper DX crossite scripting
Web administration system log crossite scripting thorugh username...
MailEnable Enterprise Edition ASP Version <= 2.0
Hi, I'm Soroush Dalili from GrayHatz Security Group GSG. I found multiple bugs in MailEnable Enterprise Edition ASP Version = 2.0 that I listed them below: 1 - Any user can login to web administration site. 2 - Authenticated normal user can gain ADMIN or SYSADMIN level, also remote user can disab...
MailEnable Enterprise 2.0 - 'ASP' Multiple Vulnerabilities
Hi, I'm Soroush Dalili from GrayHatz Security Group GSG. I found multiple bugs in MailEnable Enterprise Edition ASP Version POSTOFFICE -----------------------End---------------------------- 2 Authenticated normal user can gain ADMIN or SYSADMIN level, also remote user can disable him/her account!...
TIBCO Rendezvous messaging software buffer overflow
Buffer overflow in web administration interface...
[VulnWatch] iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability
Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability iDefense Security Advisory 01.17.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=372 January 17, 2006 I. BACKGROUND Cisco IOS Software is the world's leading network infrastructure software,...
phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.
phpMyAdmin serverprivileges.php SQL Injection Vulnerabilities. I. BACKGROUND phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. II. DESCRIPTION phpMyAdmin serverprivileges.php is prone to SQL Injection vulnerability. A remote attacker may execute...
Detect SWAT server port
SWAT Samba Web Administration Tool is running on this port. SWAT allows Samba users to change their passwords, and offers to the sysadmin an easy-to-use GUI to configure Samba. However, it is not recommended to let SWAT be accessed by the world, as it allows an intruder to attempt to brute force...
Checkpoint Firewall open Web administration
The remote Checkpoint Firewall is open to Web administration. An attacker use it to launch a brute force password attack against the firewall, and eventually take control of it. OpenVAS Vulnerability Test $Id: checkpointopenwebadmin.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Checkpoint...
Linksys Gozila CGI DoS Vulnerability
The Linksys BEFSR41 EtherFast Cable/DSL Router crashes if somebody accesses the Gozila CGI without argument on the web administration interface. SPDX-FileCopyrightText: 2003 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...
Oracle Web Administration Server Detection
We detected the remote web server as an Oracle Administration web server. This web server enables attackers to configure your Oracle Database server if they gain access to a valid authentication username and password. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpt...