5294 matches found
Kolibri WebServer HTTP GET Request Handling Buffer Overflow
Added: 08/07/2014. CVE: CVE-2014-4158. BID: 68195. OSVDB: 108090. Background: SENKAS Kolibri Webserver is a free, very simple web server for Microsoft Windows that supports serving static web content. Problem: Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...
Kolibri WebServer 2.0 - GET Request SEH Exploit
Exploit for Windows platform in category remote exploits. #!/usr/bin/python. Exploit Title: Kolibri WebServer 2.0 Get Request SEH Exploit. Exploit Author: Revin Hadi S. Date: 14/07/2014. Vendor: http://www.senkas.com. Version: 2.0. Tested on: Windows XP SP2 Eng, Windows Server 2003 Eng, Win 7 SP1 E...
ZKSoftware WebServer Default Admin Credentials (HTTP)
The ZKSoftware WebServer is using default admin credentials. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
NOCC 1.0 filter_prefs.php html_filter_select Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject...
Prototype of an PHP application 0.1 ident/loginmodif.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
LoveCMS 1.4 install/index.php step Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker ca...
PHPX 3.5.15/3.5.16 forums.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
OmniHTTPD 1.1/2.0.x/2.4 Sample Application URL Encoded Newline HTML Injection
No description provided by source. source: http://www.securityfocus.com/bid/5572/info OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content. A HTML injection vulnerability has been reported in the...
PHPAlbum 0.2.3/4.1 - Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15651/info phpAlbum is prone to a local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserve...
TotalCalendar 0 about.php inc_dir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/17618/info TotalCalendar is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to...
Linksys SPA941 SIP From Field HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25987/info Linksys SPA941 devices are prone to an HTML-injection vulnerability because the built-in webserver fails to properly sanitize user-supplied input before using it in dynamically generated content...
In-Portal In-Link 2.3.4 ADODB_DIR.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19824/info In-portal In-link is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
Alt-N WorldClient Pro 2.0.0.0/2.0.1.0/Standard 2.0.0.0 Long URL DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/823/info Alt-N's WorldClient is an email webserver that allows its users to retrieve email via HTTP. It is susceptible to denial of service attacks due to an unchecked buffer in the request handler. Supplying a long url...
Jetbox CMS 2.1 Search_function.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19722/info Jetbox CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious...
OABoard 1.0 Forum Script Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution of...
phpMyTourney 2 - tourney/index.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28057/info phpMyTourney is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing maliciou...
Mozilla Bugzilla 2.4/2.6/2.8/2.10 Remote Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/1199/info Bugzilla is a web-based bug-tracking system based on Perl and MySQL. It allows people to submit bugs and catalogs them. Bugzilla is prone to a vulnerability which may allow remote users to execute arbitrary...
ezContents 2.0.3 calendar.php GLOBALS[language_home] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote fi...
EServ 2.9x Password-Protected File Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3838/info EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft Windows 9x/NT/2000 systems. It is possible to construct a web request which is capable of accessing the contents of password protected...
Fujitsu ServerView <= 4.50.8 DBASCIIAccess Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24762/info Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the...