IceWarp Universal WebMail - mailindex.html?lang_settings Remote File Inclusion
source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal...
IceWarp Universal WebMail - dirinclude.html?lang Local File Inclusion
source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into...
IceWarp Universal WebMail - adminincinclude.php Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal...
IceWarp Universal WebMail - '/mail/settings.html?Language' Local File Inclusion
source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. An attacker can exploit these issues to include arbitra...
Tolva 0.1 - Usermods.php Remote File Inclusion
source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...
Tolva 0.1 - 'Usermods.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may help the attacker...
toendaCMS.txt
Description: ToendaCMS is an Open Source XML web content management system released under the GNU General Public License. You can use it for free. ToendaCMS is optimized for fast and easy setup and works on any standard webserver platform that supports PHP and was tested successfully on Windows...
Gallery 2.x Security Advisory
Gallery is an open source web based photo album organizer. The 2.x is a newly released complete rewrite of the application. Url: http://gallery.menalto.com Contact: [email protected] An internal security audit turned up 3 separate vulnerabilities. These are all resolved in Gallery 2.0.2, releas...
PHP Photo Album 0.2.34.1 - Local File Inclusion
source: https://www.securityfocus.com/bid/15651/info phpAlbum is prone to a local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges o...
PHP Photo Album 0.2.3/4.1 - Local File Inclusion
source: https://www.securityfocus.com/bid/15651/info phpAlbum is prone to a local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process. Note that this issue ma...
Raptor FW version 6.5 detection
By sending an invalid HTTP request to a webserver behind Raptor firewall, the HTTP proxy itself will respond. The server banner of Raptor FW version 6.5 is always 'Simple, Secure Web Server 1.1'. You should avoid giving an attacker such information. OpenVAS Vulnerability Test $Id: raptordetect.na...
ddicgi.exe vulnerability
The file ddicgi.exe exists on this webserver. Some versions of this file are vulnerable to remote exploit. An attacker may use this file to gain access to confidential data or escalate their privileges on the Web server. OpenVAS Vulnerability Test $Id: ddicgi.nasl 8023 2017-12-07 08:36:26Z teissa...
Jigsaw webserver MS/DOS device DoS
It was possible to crash the Jigsaw web server by requesting /servlet/con about 30 times. A cracker may use this attack to make this service crash continuously. OpenVAS Vulnerability Test $Id: jigsawmsdosdevDoS.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Jigsaw webserver MS/DOS device Do...
Snitz Forums 2000 SQL injection
The remote host is using Snitz Forum 2000. This version allows an attacker to execute stored procedures and non-interactive operating system commands on the system. The problem stems from the fact that the 'Email' variable in the register.asp module fails to properly validate and strip out maliciou...
MiniShare webserver buffer overflow
MiniShare 1.4.1 and prior versions are affected by a buffer overflow flaw. A remote attacker could execute arbitrary commands by sending a specially crafted file name in the GET request. Version 1.3.4 and below do not seem to be vulnerable. OpenVAS Vulnerability Test $Id: minishareoverflow.nasl...
Keene digital media server XSS
The remote host runs Keene digital media server, a webserver used to share digital information. This version is vulnerable to multiple cross-site scripting attacks which may allow an attacker to steal the cookies of users of this site. OpenVAS Vulnerability Test $Id: keenexss.nasl 6053 2017-05-01...
CSNews.cgi vulnerability
The CSNews.cgi exists on this webserver. Some versions of this file are vulnerable to remote exploit. An attacker may make use of this file to gain access to confidential data or escalate their privileges on the Web server. OpenVAS Vulnerability Test $Id: csnews.nasl 7175 2017-09-18 11:55:15Z...
Xedus Denial of Service
The remote host runs Xedus Peer to Peer webserver. This version is vulnerable to a denial of service. An attacker could stop the webserver accepting requests from users by establishing multiple connections from the same host. OpenVAS Vulnerability Test $Id: xedusdos.nasl 6056 2017-05-02 09:02:50Z...
bizdb1-search.cgi located
BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at the privilege level of the webserver. The variable is dbname, and if passed a semicolon...
Microsoft IIS UNC Mapped Virtual Host Vulnerability
Your IIS webserver allows the retrieval of ASP/HTR source code. An attacker can use this vulnerability to see how your pages interact and find holes in them to exploit. OpenVAS Vulnerability Test $Id: iisuncmappedvirthostvuln.nasl 6046 2017-04-28 09:02:54Z teissa $ Description: Microsoft IIS UNC...