150 matches found
Design/Logic Flaw
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request...
CVE-2016-2272
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie...
CVE-2016-2272
CVE-2016-2272 affects Eaton Lighting EG2 Web Control versions 4.04P and earlier. The ICS advisory notes an authentication bypass/root cause: reliance on cookies without proper validation/integrity, enabling a remote attacker to alter browser cookies and perform administrative actions that could c...
CVE-2016-0871
The CVE-2016-0871 issue affects Eaton Lighting EG2 Web Control (V4.04P and prior). Root causes include CWE-565: Reliance on Cookies without Validation, and CWE-312: Cleartext Storage of Sensitive Information. A remote attacker could read configuration files and view credentials via a direct reque...
Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerability (CNVD-2016-02006)
The Eaton Lighting Systems EG2 Web Control is a controller product from Eaton Lighting Systems USA for Internet and Wi-Fi LAN connections to the iLumin network. An authentication bypass vulnerability exists in Eaton Lighting Systems EG2 Web Control version 4.04P and earlier. A remote attacker cou...
Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerability
The Eaton Lighting Systems EG2 Web Control is a controller product from Eaton Lighting Systems USA for Internet and Wi-Fi LAN connections to the iLumin network. An authentication bypass vulnerability exists in Eaton Lighting Systems EG2 Web Control V4.04P and prior versions. A remote attacker cou...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
Exploit for php platform in category web applications ============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/08 + Test...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/08 + Tested on : Elementary Os + Vendor Homepage :...
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities ============================================================================= + Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability + Exploit Author : Ashiyane Digital Security Team + Date : 1.483 + Version : 2015/09/...
CVE-2014-2531
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel aka InterWorx Hosting Control Panel and InterWorx-CP before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the 1 NodeWorx , 2 SiteWorx, or 3...
Sql injection
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel aka InterWorx Hosting Control Panel and InterWorx-CP before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the 1 NodeWorx , 2 SiteWorx, or 3...
CVE-2014-2531
InterWorx Web Control Panel (InterWorx-CP) before 5.0.14 build 577 is vulnerable to SQL injection in xhr.php via the i parameter in the search action for NodeWorx, SiteWorx, and Resellers interfaces. Root cause is that the application constructs dynamic SQL by concatenating user input without pro...
InterWorx Web Control Panel Information Disclosure and XSS Vulnerability
InterWorx Web Control Panel is prone to information disclosure and xss vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
PowerScripts PlusMail WebConsole 1.0 Poor Authentication Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/2653/info PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and passwor...
Kloxo - SQL Injection and Remote Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper Ran...
[CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12
============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-2035 Risk Level: Medium CVSSv2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Solution...
InterWorx Web Control Panel Cross Site Scripting Vulnerability
InterWorx Web Control Panel version 5.0.12 build 569 suffers from a cross site scripting vulnerability. ============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
InterWorx 5.0.13 Build 574 SQL Injection
================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531 Solution Status: Fixed in Version...
CVE-2014-2035
Cross-site scripting XSS vulnerability in xhr.php in InterWorx Web Control Panel aka InterWorx Hosting Control Panel and InterWorx-CP before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in xhr.php in InterWorx Web Control Panel aka InterWorx Hosting Control Panel and InterWorx-CP before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter...