5286 matches found
n-cms-equipe 1.1c.Debug - Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/39298/info n-cms-equipe is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary loca...
OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/38402/info OpenInferno OI.Blogs is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute...
Debian DSA-1897-1 : horde3 - insufficient input sanitization
Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a...
Quicksilver Forums Local File Include and Arbitrary File Upload Vulnerabilities
Quicksilver Forums is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files...
New-CMS 1.08 - Multiple Local File Inclusion HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/38307/info New-CMS is prone to multiple local file-include vulnerabilities and an HTML-Injection vulnerability because it fails to properly sanitize user-supplied input. An attack...
CMS Made Simple Local File Include and Cross Site Scripting Vulnerabilities
CMS Made Simple is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within...
GoAhead WebServer URL Encoded Slash Directory Traversal Vulnerability
Exploit for unknown platform in category web applications. Simply go to http://ipaddress...
Trendnet TV-IP201 Directory Traversal / Authentication Bypass
simply go to http://ipaddress of camera/..%5C..%5C..%5C..%5C..%5C..%5C/config/tcfgsystem.asp system administration page These cams use an embedded version of GoAhead WebServer which is vulnerable to the above attack because they don't correctly filter URL encoded substitutions for the '/'...
CMS Made Simple 1.6.6 - Local File Inclusion Cross-Site Scripting
source: https://www.securityfocus.com/bid/38234/info CMS Made Simple is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can...
CMS Made Simple 1.6.6 - Local File Inclusion / Cross-Site Scripting
source: https://www.securityfocus.com/bid/38234/info CMS Made Simple is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using...
Accellion Secure File Transfer Appliance - Multiple Command Restriction Privilege Escalations
source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-travers...
Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations
source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote command-injection issue An attacker may leverage...
Accellion File Transfer - 'Appliance web_client_user_guide.html?lang' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote command-injection issue An attacker may leverage...
JDownloader - JDExternInterface.java Remote Code Execution
source: https://www.securityfocus.com/bid/38143/info JDownloader is prone to a vulnerability that lets remote attackers execute arbitrary code. Attackers can exploit this issue to execute arbitrary code within the context of the affected...
GeFest Web Home Server 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/38141/info Gefest Web Home Server is prone to a remote directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view...
JDownloader - 'JDExternInterface.java' Remote Code Execution
source: https://www.securityfocus.com/bid/38143/info JDownloader is prone to a vulnerability that lets remote attackers execute arbitrary code. Attackers can exploit this issue to execute arbitrary code within the context of the affected webserver process. Versions prior to JDownloader 0.9.334 ar...
XAMPP Multiple Vulnerabilities June 2009
XAMPP is prone to multiple vulnerabilities. 1. showcode.php Local File Include Vulnerability An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks. 2. Multiple Cross Site Scripting Vulnerabilitie...
lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service
source: https://www.securityfocus.com/bid/38036/info The 'lighttpd' webserver is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate users. slowtest.sh for j=0;j/dev/null 2/dev/null & done& sleep 3 don...
HTTP WebDAV Scanner
Detect webservers with WebDAV enabled This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP WebDAV Scanner', 'Description' = 'Detect webservers with WebDAV enabled', 'Author' = 'et', 'License' =...
HTTP WebDAV Internal IP Scanner
Detect webservers internal IPs through WebDAV This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP WebDAV Internal IP Scanner', 'Description' = 'Detect webservers internal IPs though WebDAV',...