5286 matches found
GoAhead Web Server 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/50729/info GoAhead WebServer is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...
Jetty Web Server - Directory Traversal
source: https://www.securityfocus.com/bid/50723/info Jetty Web Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within t...
GoAhead Web Server 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/50729/info GoAhead WebServer is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
Jetty Web Server - Directory Traversal
source: https://www.securityfocus.com/bid/50723/info Jetty Web Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Informatio...
Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
Apache HTTP Server is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference error or a memory exhaustion. Local attackers can exploit this issue to trigger a NULL-pointer dereference or memory exhaustion, and cause a server crash, denying service to legitimate...
Oracle NoSQL 11g 1.1.100 R2 - 'log' Directory Traversal
source: https://www.securityfocus.com/bid/50567/info Oracle NoSQL is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain...
Oracle NoSQL 11g 1.1.100 R2 - 'log' Directory Traversal
source: https://www.securityfocus.com/bid/50567/info Oracle NoSQL is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain arbitrary local files in the context of the webserver...
apache2: Fixed several security issues (important)
This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...
CVE-2011-4273
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user aka...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user aka...
CVE-2011-4273
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user aka...
CVE-2011-4273
CVE-2011-4273 affects Embedthis GoAhead WebServer 2.18. The vulnerability is a set of cross-site scripting (XSS) issues that allow remote attackers to inject arbitrary web script or HTML via: (1) the group parameter to goform/AddGroup (addgroup.asp), (2) the url parameter to goform/AddAccessLimit...
phpAlbum Multiple Security Vulnerabilities
phpAlbum is prone to an arbitrary-file-download vulnerability, multiple cross-site scripting vulnerabilities, and multiple PHP code-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to execute arbitrary script code in the...
vBulletin 4.1.7 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/50455/info vBulletin is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially...
vBulletin 4.1.7 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/50455/info vBulletin is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary scri...
phpAlbum Multiple Security Vulnerabilities
phpAlbum is prone to an arbitrary-file-download vulnerability, multiple cross-site scripting vulnerabilities, and multiple PHP code-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to execute arbitrary script code in the...
Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/50350/info Alsbtain Bulletin is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain...
Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/50350/info Alsbtain Bulletin is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary...
RuubikCMS 'f' Parameter Information Disclosure Vulnerability
RuubikCMS is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download local files in the context of the webserver process. This may allow the attacker to obtain sensitive information; other attack...
ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)
Title : ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams) Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command execution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...