475 matches found
CVE-2015-1564
CVE-2015-1564 affects Plain Black WebGUI 7.10.29 and earlier, via the style-underground/search component. The vulnerability is a cross-site scripting (XSS) flaw that lets remote attackers inject arbitrary web script or HTML through the Search field. No remediation details are provided in the conn...
CVE-2015-1564
Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field...
Plain Black WebGUI 'search' Cross-Site Scripting Vulnerability
Plain Black WebGUI is prone to a cross-site scripting (XSS) vulnerability.
Unspecified Cross-Site Scripting Vulnerability in WebGUI
WebGUI is a CMS (Content Management System) that is mainly used to facilitate the publishing and maintenance of website content. An unspecified cross-site scripting vulnerability exists in WebGUI because it fails to properly filter user-supplied input. An attacker may be able to exploit th...
WebGUI 7.10.29 Cross Site Scripting
Exploit Title: WebGUI 7.10.29 stable version Cross site scripting vulnerability Software Link: http://www.webgui.org/download Author: SECUPENT Website:www.secupent.com Email: researchatsecupentdotcom Date: 17-1-2015 Version: 7.10.29. Previous version maybe vulnerable also. Vulnerable area:...
FreeNAS WebGUI Blank Password
The version of FreeNAS installed on the remote host either has not yet set up a password or has recently reset the WebGUI password. This allows anyone to log into the WebGUI, set up an arbitrary password, and then use the system terminal feature of the WebGUI to execute arbitrary commands with...
ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure Vulnerability
No description provided by source. Introduction to the PoC: In this distribution, the management website is a binary file named kerbynet interpreted in cgi-bin directory here: /cdrom/usr/local/apache2/cgi-bin/kerbynet So all...
Sofi WebGui <= 0.6.3 PRE (mod_dir) Remote File Inclusion Vulnerability
No description provided by source. Discovered by dun \ dunatstrcpy.pl Sofi WebGui <= 0.6.3 PRE Remote File Inclusion Vulnerability Script site:...
WebGUI 6.x Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15083/info WebGUI is prone to an arbitrary command execution vulnerability. This is due to insufficient sanitization of user-supplied data. This issue can facilitate unauthorized remote access...
AWStats <= 6.4 'awstats.pl' Multiple Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34159/info AWStats is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer. The following...
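Aker Secure Mail Gateway "msg_id" Cross-Site Scripting Vulnerability
CVE ID: CVE-2013-6037 Aker Secure Mail Gateway is a mail gateway solution. Because input passed via the "msgid" GET parameter to webgui/cf/index.php is not properly filtered before being returned to the user, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. Aker Secure Mail Gateway =2.5.2 Vendor patch: Aker. The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.aker.com.br/atualizacoes-asmg?fieldtipovalue=A...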
CVE-2012-3000
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote...
SQL injection
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote...
CVE-2012-3000
Summary: CVE-2012-3000 is an SQL injection vulnerability affecting multiple BIG-IP components (APM WebGUI, AVR WebGUI, and related WebGUIs) on BIG-IP LTM, GTM, ASM, Link Controller, PSM, Edge Gateway, Analytics, WebAccelerator, and WOM up to 11.2.x with specific HF3 fixes. Affected path/trigger: ...
ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure
Introduction to the PoC: In this distribution, the management website is a binary file named "kerbynet" interpreted in cgi-bin directory here: /cdrom/usr/local/apache2/cgi-bin/kerbynet So all url look like this:...
ZeroShell 2.0RC2 File Disclosure / Command Execution
Exploit Title: ZeroShell = 2.0RC2 Local file disclosure and Remote Command Execution Date: 13/08/2013 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.zeroshell.org - www.zeroshell.org/download/ Version: 2.0RC2 Category: Local File disclosure and Remote Command Execution Google...
TP-LINK TL-WR340G Denial Of Service
=== intro === TP-LINK TL-WR340G is a SOHO router with integrated IEEE 802.11b/g AP. Now it's marked End-of-Life. Transmitting crafted frames in proximity of a working router causes the device to malfunction. Wireless communication stops, existing clients don't receive frames from AP except beacons, new...
CVE-2009-4877
Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors...
CVE-2009-4877
Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors...