CVE-2009-4877

CVE-2009-4877 describes multiple CSRF weaknesses in WebGUI prior to version 7.7.14 that enable remote attackers to hijack user authentication for unspecified requests via unknown vectors. The affected product is WebGUI (before 7.7.14); the vulnerability’s exact exploit method, affected components...

CVE-2009-4877

Multiple cross-site request forgery CSRF vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors...

CVE-2009-2738

Cross-site request forgery CSRF vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors...

CVE-2009-2738

CVE-2009-2738 is a CSRF vulnerability affecting FreeNAS WebGUI prior to version 0.7RC1. The issue allows an attacker to hijack a user’s authenticated session and perform unspecified actions via forged requests, when the user is logged into the WebGUI, due to CSRF in the web interface. Public docu...

AWStats 6.4 - AWStats.pl Multiple Full Path Disclosures

AWStats 6.4 - AWStats.pl Multiple Full Path Disclosures source: https://www.securityfocus.com/bid/34159/info AWStats is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable...

AWStats 6.4 - 'AWStats.pl' Multiple Full Path Disclosures

source: https://www.securityfocus.com/bid/34159/info AWStats is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer. The following are vulnerable: AWStats 6.5 build...

AWStats < 6.6 'awstats.pl' Multiple Path Disclosure Vulnerability - Active Check

AWStats is prone to a path-disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:awstats:awstats";...

CVE-2008-6402

PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the moddir parameter...

CVE-2008-6402

CVE-2008-6402 describes a PHP remote file inclusion vulnerability in the Sofi WebGui package, affecting version 0.6.3 PRE and earlier. The flaw resides in hu/modules/reg-new/modstart.php, where an attacker can supply a URL in the mod_dir parameter to cause arbitrary PHP code execution on the serv...

WebGUI lib/WebGUI/Storage.pm远程脚本代码执行漏洞

BUGTRAQ ID: 32602 WebGUI是一个CMS（内容管理系统）软件，主要用来方便网站内容的发布与维护。 WebGUI没有正确地过滤某些邮件附件。如果用户在使用协作系统的邮件功能的话，就可以向协作系统发送包含有可执行程序（如perl程序、shell脚本或php页面）的附件；如果Web服务器设置可可执行上述类型文件，从协作系统的web视图点击文件就会执行程序。 Plain Black Software WebGUI 7.x 临时解决方法： 编辑lib/WebGUI/Storage.pm并用以下代码替换addFileFromScalar方式： sub...

CVE-2008-4798

The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 stable allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL...

Code injection

The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 stable allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL...

CVE-2008-4798

The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 stable allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL...

CVE-2008-4798

The CVE concerns WebGUI prior to version 7.5.30 (stable). The loadModule function in lib/WebGUI/Asset.pm allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL. This enables remote code execution on the affected server. According to the pro...

Sofi WebGUI 'modstart.php'远程文件包含漏洞

BUGTRAQ ID: 31341 CNCAN ID：CNCAN-2008092407 Sofi WebGUI是一款基于PHP的WEB应用程序。 Sofi WebGUI不正确处理用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意PHP代码。 问题由于'modstart.php'脚本对用户提交给'moddir'参数缺少过滤，指定远程服务器上的任意文件作为包含对象，可导致WEB权限执行任意PHP代码。 Muskatli.Net Sofi WebGUI 0.6 pre-release-3 目前没有解决方案提供：...

Sofi WebGui &lt;= 0.6.3 PRE (mod_dir) Remote File Inclusion Vulnerability

No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl Sofi WebGui = 0.6.3 PRE Remote File Inclusion Vulnerability Script site:...

sofiwebgui-rfi.txt

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl Sofi WebGui = 0.6.3 PRE Remote File Inclusion Vulnerability Script site: http://www.muskatli.net/studio/hu/?f=sofi-wgui-hu Download...

Sofi WebGui 0.6.3 PRE - &#039;mod_dir&#039; Remote File Inclusion

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl Sofi WebGui = 0.6.3 PRE Remote File Inclusion Vulnerability Script site: http://www.muskatli.net/studio/hu/?f=sofi-wgui-hu Download...

Sofi WebGui 0.6.3 PRE - mod_dir Remote File Inclusion

Sofi WebGui 0.6.3 PRE - moddir Remote File Inclusion :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl Sofi WebGui = 0.6.3 PRE Remote File Inclusion Vulnerability Script site:...