[SA21558] WebAdmin Account Manipulation and Arbitrary File Disclosure

TITLE: WebAdmin Account Manipulation and Arbitrary File Disclosure SECUNIA ADVISORY ID: SA21558 VERIFY ADVISORY: http://secunia.com/advisories/21558/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of system information, Exposure of sensitive information WHERE: From remote SOFTWARE...

Cross-site achieve HTTP session hijacking-vulnerability warning-the black bar safety net

A Web application is by 2 ways to determine and keep track of different users: a Cookie or Session also called session-Cookie is. Wherein the Cookie is stored on the local computer, the expiration time is very long, so for the Cookie of the means of attack is generally to steal user Cookies and...

MDaemon WebAdmin 2.0.x - SQL Injection

Exploit Title: MDaemon WebAdmin 2.0.X SQL injection Date: 2006/5/26 Author: KOUSULIN Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208en.exe Version: WebAdmin 2.0.X Tested on: Windows 2003 CVE : N/A Code : /WebAdmin.dll?Session='ACCESS SQL INJ&View=User...

MDaemon WebAdmin 2.0.X SQL injection

No description provided by source. Exploit Title: MDaemon WebAdmin 2.0.X SQL injection Date: 2006/5/26 Author: KOUSULIN Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208en.exe Version: WebAdmin 2.0.X Tested on: Windows 2003 CVE : N/A Code : /WebAdmin.dll?Session='ACCESS SQL...

MDaemon WebAdmin 2.0.x - SQL Injection

MDaemon WebAdmin 2.0.x - SQL Injection Exploit Title: MDaemon WebAdmin 2.0.X SQL injection Date: 2006/5/26 Author: KOUSULIN Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208en.exe Version: WebAdmin 2.0.X Tested on: Windows 2003 CVE : N/A Code : /WebAdmin.dll?Session='ACCESS SQL...

VisNetic / Merak Mail Server multiple flaws

The remote webmail server is affected by multiple vulnerabilities which may allow an attacker to execute arbitrary commands on the remote host. Description: The remote host is running VisNetic / Merak Mail Server, a multi-featured mail server for Windows. The webmail and webadmin services include...

CVE-2005-4669

SQL injection vulnerability in RT Internet Solutions RTIS WebAdmin allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 password fields...

CVE-2005-4669

The CVE-2005-4669 entry concerns RT Internet Solutions (RTIS) WebAdmin with a SQL injection vulnerability in the login fields (username and password). Affected component is the WebAdmin interface; root cause is improper handling of input in the authentication form, enabling arbitrary SQL executio...

Alt-N WebAdmin USER Buffer Overflow

Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM level privileges. This module requires Metasploit: https://metasploit.com/download Current source:...

CVE-2005-4669

SQL injection vulnerability in RT Internet Solutions RTIS WebAdmin allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 password fields...

RTasarim WebAdmin modul SQL injection

Site : www.rtasarim.com/en/yazilim.asp Description : WEBADMIN Site Administrating Program By courtesy of the Program it can be possible to intervene to the parts of the site instantly. All parts those have interactivity option can be updated. username : admin password : 'or' or username : 'or'...

WebAdmin <= 2.0.4 USER Buffer Overflow Exploit

Exploit for unknown platform in category remote exploits ============================================== WebAdmin 'Alt-N WebAdmin USER Buffer Overflow', 'Version' = '$Revision: 1.1 $', 'Authors' = 'y0 at w00t-shell.net', , 'Arch' = 'x86' , 'OS' = 'win32', 'winnt', 'win2000', 'winxp', 'win2003' ,...

WebAdmin &lt;= 2.0.4 USER Buffer Overflow Exploit

No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...

Alt-N WebAdmin 2.0.4 - USER Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

CVE-2004-2369

Technical details (affected product/component/root cause/impact/fix) are not publicly available in the provided documents for CVE-2004-2369. Monitor official advisories for updates; current data only confirms a directory traversal vulnerability in webadmin.nsf.

CVE-2005-0317

Cross-site scripting XSS vulnerability in usereditaccount.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter...

CVE-2005-0318

CVE-2005-0318 concerns Alt-N WebAdmin 3.0.4, where useredit_account.wdm fails to properly validate edits by the logged-in user. The root cause is insufficient validation of the account-edit parameter, enabling remote authenticated users to modify other users’ account information via a tampered us...

CVE-2005-0317

CVE-2005-0317 affects Alt-N WebAdmin 3.0.4. The XSS flaw is in useredit_account.wdm (via the user parameter) and is caused by insufficient input validation/filtering. The NVD entry lists a CVSS v2 base score of 4.3 (Medium) with network attack vector, no confidentiality impact, partial integrity ...

CVE-2005-0319

The CVE-2005-0319 entry describes a Direct remote injection vulnerability in the Alt-N WebAdmin 3.0.4 component modalfram.wdm, where an attacker can load external webpages and inject arbitrary HTML or script to facilitate cross-site scripting (XSS) and phishing. The root cause is an input/content...

CVE-2005-0319

Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting XSS and phishing...