152 matches found
byu.edu Improper Access Control vulnerability
Open Bug Bounty ID: OBB-593635 Description| Value ---|--- Affected Website:| byu.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
DotNetNuke DreamSlider 01.01.02 Arbitrary File Download
Exploit Title: DotNetNuke DreamSlider Arbitrary File Download Date: 23/01/2014 Author: Glafkos Charalambous Version: 01.01.02 Vendor: DreamSlider Vendor URL: http://www.dreamslider.com/ Google Dork: inurl:/DesktopModules/DreamSlider/ CVE: Description DotNetNuke DreamSlider Module prior to version...
General Security Guidelines for Veeam Self-Service Backup Portal
Security Considerations The security advice in this article is provided as a courtesy and is not intended to replace the advice of a professional security consultant. The advice in this article has been tested with the assumption that the machine operating Veeam Backup Enterprise Manager and/or...
StoreFront upgrade fails ""The process cannot access the file 'C:\inetpub\wwwroot\Citrix\<store name>\web.config' because it is being used by another process."
In the MSI logs under C:\windows\temp\storefront we see the following exception: "The process cannot access the file 'C:\inetpub\wwwroot\Citrix\web.config' because it is being used by another process."...
Description of Update Rollup 2 for System Center 2012 R2 Service Provider Foundation
Description of Update Rollup 2 for System Center 2012 R2 Service Provider Foundation Summary This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center 2012 R2 Service Provider Foundation SPF. Additionally, this article contains the installation instructions f...
Password settings in Web.Config file for PNAgent changes automatically when "Configure XenApp Services Support" Console is opened in Storefront Snapin.
You have modified web.config file manually or using EnablePnaForStore.ps1 for PNAgent site for the Password Options. When you open "Configure XenApp Services Support" Console and click OK on it, the settings change back...
Arbitrary File Download Vulnerability in Beijing Zhiqingweiye Submission System
Beijing Zhiqingweiye Submission System is a CMS system for all kinds of topics or magazines, which can be submitted remotely. The product has an arbitrary file download vulnerability, the vulnerability URL is: /Admin/Upload/Index?path=%2Fweb.config&fileName=%E9%99%84%E5%9B%BE&Browser=IE, an...
EMC RSA Archer eGRC Information Disclosure Vulnerability
EMC RSA Archer eGRC is an enterprise IT governance and compliance governance product from EMC Corporation EMC. The product can be used to manage enterprise risk, automate business processes, and more. A security vulnerability exists in the EMC RSA Archer eGRC 5.5.x release. A remote attacker can...
How to Force Enterprise Manager Login to Use Form-Based Authentication
Article Applicability This article applies to Veeam Backup & Replication 12.x and older, as in those versions, the default was for Veeam Backup Enterprise Manager to utilize a Windows Authentication pop-up key="useWindowsAuth" value="true". Starting in Veeam Backup Enterprise Manager v13, the...
Xuzhou Huawei Information Technology Co., Ltd. electronic document management system contains file inclusion vulnerabilities
Xuzhou City, China Network Information Technology Co., Ltd. electronic document management system is to achieve the school's electronic documents such as electronic lesson plans, classroom materials, rules and regulations, management documents, audio-visual materials, photographs, etc.,...
Desktop Viewer is Showing Up Even though it has been Disabled Through the web.config File
Desktop Viewer is showing up even though it has been disabled through the web.config file...
File Containment Vulnerability in Hangzhou Ancai Network Reimbursement System (CNVD-2017-02374)
Hangzhou Ancai Network Reimbursement System is an online reimbursement system that supports online bill of lading and online approval for employees, bidding farewell to paper transmission and improving the timeliness, safety and standardization of information transmission. A file inclusion...
File Containment Vulnerability in Hangzhou Ancai Network Reimbursement System
Hangzhou Ancai Network Reimbursement System is an online reimbursement system that supports online bill of lading and online approval for employees, bidding farewell to paper transmission and improving the timeliness, safety and standardization of information transmission. A file inclusion...
HttpCombiner ASP.NET - Remote File Disclosure Vulnerability
Exploit for asp platform in category web applications Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...
HttpCombiner ASP.NET - Remote File Disclosure
HttpCombiner ASP.NET - Remote File Disclosure Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...
某教育类通用cms任意文件下载漏洞
简要描述: 某教育类通用cms任意文件下载漏洞 详细说明: 不知道算不算通用 可下载web.config文件,数据库信息文件泄露 http://sbc.xzit.edu.cn/hxjc/DownLoad.aspx?Accessory=../web.config http://hedds.njutcm.edu.cn/DownLoad.aspx?Accessory=../web.config http://www.emcjs.org/DownLoad.aspx?Accessory=../web.config...
Namad (IMenAfzar) 2.0.0.0 - Remote File Disclosure Vulnerability
No description provided by source. Securitylab.ir Application Info: Name: Namad Version: 2.0.0.0 Website: http://imenafzar.com Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Remote File Download...
DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® EasyDnnGallery Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.easydnnsolutions.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork...
DotNetNuke dnnUI_NewsArticlesSlider Arbitrary File Download
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® dnnUINewsArticlesSlider Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.dnnui.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...
.NET Form Authentication Insecure Redirect
Seeker Research Center Security Advisory By Irene Abezgauz =========== I. Overview =========== An Insecure Redirect vulnerability has been identified in the .NET Form Authentication - in the Redirect From Login mechanism. This vulnerability allows an attacker to craft links that contain redirects...