MySQLDumper 1.24.4 - install.php?language Traversal Arbitrary File Access
MySQLDumper 1.24.4 - install.php?language Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multiple...
MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosures
MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosures source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multip...
MySQLDumper 1.24.4 - 'install.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multiple cross-site request-forgery vulnerabilities. 4. Multiple...
MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosures
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multiple cross-site request-forgery vulnerabilities. 4. Multiple...
MySQLDumper 1.24.4 - 'filemanagement.php?f' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multiple cross-site request-forgery vulnerabilities. 4. Multiple...
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
source: https://www.securityfocus.com/bid/53310/info MySQLDumper is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the...
Sybase EAServer Directory Traversal Vulnerability
Sybase EAServer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks...
Ambiguous IPv6 in Origin headers may bypass webserver access restrictions — Mozilla
Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened on a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send an ambiguous origin header if the IPv6 address contains at least 2 consecutive 16-bit fields of...
IPhone TreasonSMS - HTML Inject & File Include Vulnerability
Title: IPhone TreasonSMS - HTML Inject & File Include Vulnerability Date: 2012-04-23 References: http://www.vulnerability-lab.com/getcontent.php?id=154 VL-ID: 154 Introduction: treasonSMS allows you to send SMS from your desktop computer. It turns your...
DokuWiki 2012/01/25 Cross Site Request Forgery / Cross Site Scripting
DokuWiki Ver.2012/01/25 Latest Version CSRF Add User Exploit Discovered by : Khashayar Fereidani Team Website : HTTP://IRCRASH.COM IRCRASH Security Community Facebook : http://facebook.com/fereidani Twitter : https://twitter.com/!/IRCRASH Facebook Page :...
ETeamPass 2.1.5 Cross Site Scripting
Title: ETeamPass v2.1.5 users.queries.php Persistent Cross-Site Scripting XSS Type: Remote Severity: Medium Impact: Direct execution of arbitrary code in the context of Webserver user. Release Date: 16.04.2012 CVE: CVE-2012-2234 Author: Marcos Garcia @artsweb Release mode: Coordinated release...
CitrusDB 2.4.1 - Local File Inclusion SQL Injection
CitrusDB 2.4.1 - Local File Inclusion SQL Injection source: https://www.securityfocus.com/bid/52946/info CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, exploit...
CitrusDB 2.4.1 - Local File Inclusion / SQL Injection
source: https://www.securityfocus.com/bid/52946/info CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, an...
Egroupware 1.8.002 Cross Site Scripting
Egroupware v1.8.002 processexec.php Reflected Cross-Site Scripting XSS Google Dork: inurl:etemplate/processexec.php Title: Egroupware v1.8.002 processexec.php Remote XSS Vulnerability Type: Remote Author: Marcos Garcia Severity: Medium CVSS: 5 AV:N/AC:L/Au:N/C:N/I:P/A:N Impact: Direct execution...
PHP Built-in WebServer 'Content-Length' Denial of Service Vulnerability
This host is running PHP Built-in WebServer and is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodphpbuiltinwebsrvdosvuln.nasl 5956 2017-04-14 09:02:12Z teissa $ PHP Built-in WebServer 'Content-Length' Denial of Service Vulnerability Authors: Sooraj KS Copyright:...
PHP Built-in WebServer 'Content-Length' Denial of Service Vulnerability
PHP Built-in WebServer is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Struts 2.0 - XSLTResult.java Arbitrary File Upload
Apache Struts 2.0 - XSLTResult.java Arbitrary File Upload source: https://www.securityfocus.com/bid/52702/info Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to upload arbitrar...
Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload
source: https://www.securityfocus.com/bid/52702/info Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process...
AtMail 1.04 - Multiple Vulnerabilities
AtMail 1.04 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/52684/info AtMail is prone to multiple directory-traversal vulnerabilities, an arbitrary-file-upload vulnerability, and an information-disclosure vulnerability because the application fails to sanitize user-supplied...
AtMail 1.04 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/52684/info AtMail is prone to multiple directory-traversal vulnerabilities, an arbitrary-file-upload vulnerability, and an information-disclosure vulnerability because the application fails to sanitize user-supplied input. An attacker can exploit these...