POSH Local File Include and Cross Site Scripting Vulnerabilities
POSH is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the contex...
2Moons 1.4 - Multiple Remote File Inclusions
2Moons 1.4 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/50046/info 2Moons is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obta...
2Moons 1.4 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/50046/info 2Moons is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive information or execute arbitrary...
GoAhead Web Server 2.18 - addgroup.asp?group Cross-Site Scripting
GoAhead Web Server 2.18 - addgroup.asp?group Cross-Site Scripting source: https://www.securityfocus.com/bid/50039/info GoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied...
GoAhead Web Server 2.18 - 'addlimit.asp?url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/50039/info GoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser...
GoAhead Web Server 2.18 - 'adduser.asp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/50039/info GoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser...
GoAhead Web Server 2.18 - 'addgroup.asp?group' Cross-Site Scripting
source: https://www.securityfocus.com/bid/50039/info GoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser...
GoAhead Webserver multiple stored XSS vulnerabilities
Overview: GoAhead Webserver 2.18, and possibly previous or newer versions, are vulnerable to multiple stored and reflective cross-site scripting (XSS) vulnerabilities. Description: GoAhead Webserver software fails to sanitize POST requests sent to the multiple functions. As a result, stored and...
BuzzyWall 1.3.2 - resolute.php Information Disclosure
BuzzyWall 1.3.2 - resolute.php Information Disclosure source: https://www.securityfocus.com/bid/50018/info BuzzScripts BuzzyWall is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download local...
BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
source: https://www.securityfocus.com/bid/50018/info BuzzScripts BuzzyWall is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download local files in the context of the webserver process. This may...
DDIVRT-2011-36 Cybele Software, Inc. ThinVNC Product Suite Arbitrary File Retrieval
Title: DDIVRT-2011-36 Cybele Software, Inc. ThinVNC Product Suite Arbitrary File Retrieval. Severity: High. Date Discovered: September 6th, 2011. Discovered By: Digital Defense, Inc. Vulnerability Research Team. Credit: r@b13$. Vulnerability Description...
sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities
sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities Luigi Auriemma Application: Sunway ForceControl http://www.sunwayland.com.cn/pro.asp Versions: B9 19000000 MOV ECX,19 004022E6 . 33C0 XOR EAX,EAX 004022E8 . 8D7C24 24 LEA EDI,DWORD PTR SS:ESP+24 004022EC . 83FE 64 CMP ESI,64 ; our value...
Cogent DataHub Integer Overflow Vulnerability
Cogent DataHub is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PlaySMS 'apps_path[themes]' Parameter Multiple Remote File Include Vulnerabilities
PlaySMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Multiple WordPress Plugins - timthumb.php File Upload
Multiple WordPress Plugins - timthumb.php File Upload Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the...
Sunway ForceControl WebServer 'httpsvr.exe' Buffer Overflow Vulnerability
Sunway ForceControl is prone to a buffer overflow vulnerability.
WordPress 1 Flash Gallery Plugin - Arbitrary File Upload Exploit (Metasploit)
WordPress 1 Flash Gallery plugin is prone to a vulnerability which allows attackers to upload arbitrary files. This is because it fails to adequately clean up user-supplied input. In this way, attackers can use this vulnerability to upload arbitrary code and then run it in the context of t...
Pluck CMS 4.7 - Multiple Local File Inclusion File Disclosure Vulnerabilities
Pluck CMS 4.7 - Multiple Local File Inclusion File Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/49525/info Pluck is prone to multiple file-include vulnerabilities and a file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the...
TinyWebGallery 1.8.4 - Local File Inclusion SQL Injection
TinyWebGallery 1.8.4 - Local File Inclusion SQL Injection source: https://www.securityfocus.com/bid/49393/info TinyWebGallery is prone to multiple local file-include and SQL-injection vulnerabilities. An attacker can exploit these issues to compromise the application, access or modify data, explo...
TinyWebGallery 1.8.4 - Local File Inclusion / SQL Injection
source: https://www.securityfocus.com/bid/49393/info TinyWebGallery is prone to multiple local file-include and SQL-injection vulnerabilities. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and...