CVE-2008-5266

Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

CVE-2008-4243

Directory traversal vulnerability in ImageServer aka UTImageServer in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 UT3 1.3 allows remote attackers to read arbitrary files via a .. dot dot in the URI...

Directory traversal

Directory traversal vulnerability in ImageServer aka UTImageServer in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 UT3 1.3 allows remote attackers to read arbitrary files via a .. dot dot in the URI...

CVE-2008-4243

Directory traversal vulnerability in ImageServer aka UTImageServer in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 UT3 1.3 allows remote attackers to read arbitrary files via a .. dot dot in the URI...

CVE-2008-4243

The CVE-2008-4243 entry describes a directory traversal vulnerability in ImageServer (UTImageServer) used by WebAdmin prior to version 1.7 for Unreal Tournament 3 (UT3) 1.3. The flaw allows remote attackers to read arbitrary files by supplying a .. (dot dot) in the URI, potentially exposing sensi...

Epic Games Unreal Tournament 3 UT3 WebAdmin目录遍历漏洞

BUGTRAQ ID: 31272 CNCAN ID：CNCAN-2008092305 Unreal Tournament 3 UT3是一款基于Unreal引擎的游戏程序，包含内部WEB服务程序。 Unreal Tournament 3 UT3包含的管理员接口不正确过滤用户输入，远程攻击者可以利用漏洞以WEB权限查看web root外的文件内容。 提交类似如下的请求，可绕过WEB ROOT限制，以WEB权限查看系统文件内容： GET /images/../../UTGame/Config/UTGame.INI HTTP/1.0 Host: localhost Epic Games UT3...

Atmail Remote Authentication Bypass, Full DB Compromise

@Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

UBUNTU-CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

glassfish-xss.txt

============================== XSS - Glassfish Web Admin Interface Sun Java System Application Server 9.101 build b09d-fcs ============================== Author: Eduardo Neves a.k.a eth0 Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION :...

CVE-2007-6453

RaidenHTTPD 2.0.19 contains a directory traversal vulnerability in raidenhttpd-admin/workspace.php (WebAdmin must be enabled) that allows remote unauthenticated attackers to include and execute arbitrary local files via a .. in the ulang parameter. Multiple sources (NVD/NVDCVE, vendor/JVN entries...

CVE-2007-6453

Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the ulang parameter...

RaidenHTTPD 2.0.19 (ulang) Remote Command Execution Exploit

No description provided by source. rem raidenhttpdudo.cmd @echo off color 0a rem RaidenHTTPD 2.0.19 ulang cmd exec poc exploit rem WebAdmin one - not enabled by default anymore rem however works regardless of php.ini, because rem "ulang" comes from $GET and some magicquo rem tesgpc disable...

RaidenHTTPD 2.0.19 (ulang) Remote Command Execution Exploit

Exploit for unknown platform in category remote exploits =========================================================== RaidenHTTPD 2.0.19 ulang Remote Command Execution Exploit =========================================================== rem raidenhttpdudo.cmd @echo off color 0a rem RaidenHTTPD 2.0....

RaidenHTTPD 2.0.19 - ulang Remote Command Execution

RaidenHTTPD 2.0.19 - ulang Remote Command Execution rem raidenhttpdudo.cmd @echo off color 0a rem RaidenHTTPD 2.0.19 ulang cmd exec poc exploit rem WebAdmin one - not enabled by default anymore rem however works regardless of php.ini, because rem "ulang" comes from $GET and some magicquo rem tesg...

RaidenHTTPD 2.0.19 ulang cmd exec poc exploit

rem raidenhttpdudo.cmd @echo off color 0a rem RaidenHTTPD 2.0.19 ulang cmd exec poc exploit rem WebAdmin one - not enabled by default anymore rem however works regardless of php.ini, because rem "ulang" comes from $GET and some magicquo rem tesgpc disable code,lame divertissement one rem to...

CVE-2003-1463

Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to 1 determine the installation path by reading the contents of the Name parameter in a link, and 2 read arbitrary files via an absolute path in the Name...

CVE-2003-1463

CVE-2003-1463 describes an absolute path traversal flaw in Alt-N Technologies WebAdmin 2.0.0–2.0.2. With administrator privileges, an attacker can (1) determine the installation path by reading the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. ...