565 matches found
webadmin <= Shell upload defect and repair-vulnerability warning-the black bar safety net
Title: webadmin " , 'Privileged' = false, 'Payload' = 'DisableNops' = true, , 'Platform' = 'php', 'Arch' = ARCHPHP, 'Targets' = 'Automatic', , 'DefaultTarget' = 0, 'DisclosureDate' = 'Sept 13, 2011' registeroptions OptString. new'URI', true, "Path to webadmin ", "/", , self.class end def...
CVE-2011-3013
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2011-2222
Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2011-2221
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors...
Design/Logic Flaw
WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack...
Session fixation
Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors...
Authentication flaw
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors...
CVE-2011-3013
The CVE-2011-3013 entry affects WebAdmin in Mobility Pack before 1.2 within Novell Data Synchronizer 1.x up to 1.1.2 build 428. The underlying issue is the use of weak SSL ciphers, enabling a remote attacker to potentially gain access via brute-force attempts. Documented impact is partial confide...
CVE-2011-2221
The CVE-2011-2221 entry concerns the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428. The vulnerability allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. The issue is documented in the NVD...
CVE-2011-2222
CVE-2011-2222 describes a session fixation vulnerability in WebAdmin of the Mobility Pack before 1.2, within Novell Data Synchronizer 1.x up to 1.1.2 build 428. The issue allows remote attackers to hijack web sessions via unspecified vectors. Affected component: WebAdmin/Mobility Pack integratio...
CodeMeter WebAdmin Cross-site Scripting (XSS) Vulnerability
Vulnerability title: CodeMeter WebAdmin Cross-site Scripting XSS Vulnerability CVSS Risk Rating: 3.9 Low Product: CodeMeter WebAdmin Application Vendor: Wibu-Systems Vendor URL: http://www.codemeter.de Public disclosure date: 5/30/2011 Discovered by: Rob Kraus and the Solutionary Engineering...
Allomani Movies Library 2.0 - Cross-Site Request Forgery (Add Admin)
Allomani Movies Library 2.0 - Cross-Site Request Forgery Add Admin Movies Library 2.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Script : http://allomani.com/en/moviesscript.html === Exploit ===...
Allomani Super MultiMedia Library 2.5.0 - Cross-Site Request Forgery (Add Admin)
Allomani Super MultiMedia Library 2.5.0 - Cross-Site Request Forgery Add Admin Super Multimedia Library 2.5.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Script :...
Allomani News 1.0 - Cross-Site Request Forgery (Add Admin)
News 1.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Script : http://allomani.com/en/newsscript.html === Exploit ===...
Allomani Audio and Video Library 2.7.0 - Cross-Site Request Forgery (Add Admin)
Audio & Video Library 2.7.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Script : http://allomani.com/en/audioandvideoscript.html === Exploit ===...
Allomani Movies Library 2.0 - Cross-Site Request Forgery (Add Admin)
Movies Library 2.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Script : http://allomani.com/en/moviesscript.html === Exploit ===...
MySms 1.0 - Multiple Vulnerabilities
MySms v1.0 Multiple Vulnerabilities ==================================================================== .:. Author : AtT4CKxT3rR0r1ST === Exploit === 1Auth Bypass =============== www.site.com/MySms/admin/index.php Username: 'or'a'='a Password: 'or'a'='a 2CSRF ======= Add Admin...
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Alt-N WebAdmin is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks. The following...