559 matches found
Netsweeper Cross-Site Scripting Vulnerability (CNVD-2020-10711)
Netsweeper is a web content filtering solution from Netsweeper Canada. A cross-site scripting vulnerability exists in the webadmin/policy/group_table_ajax.php file in versions of Netsweeper prior to 3.1.10, which stems from a lack of proper validation of client-side data by the web application...
CVE-2014-9608
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2014-9615
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php...
SQL injection
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php...
Directory traversal
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action...
CVE-2014-9615
Netsweeper 4.0.4 is affected by a cross-site scripting (XSS) vulnerability via the url parameter to webadmin/deny/index.php. The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to script execution in the victim’s browser. The Nuclei template confirms this...
CVE-2014-9614
CVE-2014-9614 (Netsweeper) affects the Web Panel prior to version 4.0.5, where the branding account uses a default password of 'branding'. This allows remote attackers to access the system by targeting the webadmin/ interface. The Nuclei template confirms the issue and describes impact as unautho...
CVE-2014-9609
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action...
CVE-2014-9609
CVE-2014-9609 describes a directory traversal flaw in Netsweeper’s webadmin/reporter/view_server_log.php, exploitable via a .. in the log parameter under a stats action to list directory contents. Affected versions include Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. Reme...
CVE-2014-9608
Netsweeper is affected by an XSS in webadmin/policy/group_table_ajax.php/ across multiple tracked versions: before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. The issue stems from insufficient validation of client-side data via PATH_INFO, enabling remote attackers to inject arbitrary web ...
Shell Backdoor List - PHP / ASP Shell Backdoor List
What is a shell backdoor? A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can be uploaded to a site to gain access to files stored on that site. Once it is uploaded, the hacker can use it to edit, delete, or download any files on the site, or upload their own. How to...
LiteSpeed Technologies OpenLiteSpeed WebAdmin Console Code Execution Vulnerability
LiteSpeed Technologies OpenLiteSpeed is LiteSpeed Technologies' open source web server. WebAdmin Console is one of its web-based management console programs. A security vulnerability exists in WebAdmin Console in LiteSpeed Technologies OpenLiteSpeed versions prior to 1.6.5. An attacker can exploit...
CVE-2020-5519
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...
Design/Logic Flaw
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...
CVE-2020-5519
The CVE-2020-5519 issue affects OpenLiteSpeed’s WebAdmin Console prior to 1.6.5, where URL validation in the Server Configuration > External App screen is insufficient. This is documented across multiple sources as enabling potential code execution via the WebAdmin Console. A fixed version is ...
CVE-2019-15516
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring...
Directory traversal
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring...