Jaow CMS 2.3 - Cross-Site Request Forgery

Exploit Title: Jaow CMS v2.3 CSRF Vulnerability Author: DaOne LCA Date: 15/8/2012 Software Link: http://www.jaow.net Or: http://scripts.toocharger.com/fiches/scripts/jaow/5370.htm CSRF Add Admin...

Atmail Email Server WebAdmin Control Panel dbconfig.ini Information Disclosure

The remote web server hosts a version of Atmail Webmail that fails to properly restrict access to its database configuration file. A remote, unauthenticated attacker could obtain database connection information and then leverage this data to assist in further attacks. %NASLMINLEVEL 70300 C Tenabl...

Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure

Atmail WebAdmin and Webmail Control Panel suffers from a SQL root password disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure

Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability Author: FaryadR a.k.a Ciph3r tested on : Atmail Email Server 6.20.8 Twitter : https://twitter.com/faryadR Mail : [email protected] Website : http://0c0c0c0c.com Vendor : http://atmail.com...

Atmail WebAdmin / Webmail Control Panel SQL Root Password Disclosure

Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability Author: FaryadR a.k.a Ciph3r tested on : Atmail Email Server 6.20.8 Twitter : https://twitter.com/faryadR Mail : [email protected] Website : http://0c0c0c0c.com Vendor : http://atmail.com...

Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure

Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability Author: FaryadR a.k.a Ciph3r tested on : Atmail Email Server 6.20.8 Twitter : https://twitter.com/faryadR Mail :...

Netsweeper WebAdmin Portal Multiple Vulnerabilities

Netsweeper WebAdmin Portal Multiple Vulnerabilities. CVE-2012-2446,CVE-2012-2447. Webapps exploit for php platform Exploit Title: Netsweeper WebAdmin Portal CSRF, Reflective XSS, and "The later" Date: Discovered and reported CSRF and XSS reported 4/2012 and "The later" reported 7/2012 Author: Jac...

CVE-2012-3238

Cross-site scripting XSS vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment optional" field...

Cross site scripting

Cross-site scripting XSS vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment optional" field...

CVE-2012-3238

CVE-2012-3238 describes a cross-site scripting (XSS) vulnerability in the Backup/Restore component of WebAdmin on Astaro Security Gateway, exploited by injecting arbitrary web-script/HTML via the “Comment (optional)” field. Affected product/version scope: Astaro Security Gateway prior to 8.305 (W...

CVE-2012-3238

Cross-site scripting XSS vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment optional" field...

CVE-2012-3859

Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447...

Cross site scripting

Cross-site scripting XSS vulnerability in tools/locallookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action...

Design/Logic Flaw

Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447...

CVE-2012-2447

Cross-site request forgery CSRF vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action...

CVE-2012-2446

Cross-site scripting XSS vulnerability in tools/locallookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action...

CVE-2012-2447

CVE-2012-2447 is a CSRF flaw in the Netsweeper WebAdmin Portal, specifically in accountmgr/adminupdate.php. The vulnerability allows an attacker to hijack an administrator’s session and perform actions that create new administrative accounts via the add action. Public materials in the connected R...

CVE-2012-2446

CVE-2012-2446 is a real XSS vulnerability in Netsweeper’s WebAdmin Portal. The issue affects the WebAdmin Portal’s tools/local_lookup.php, where the group parameter in a lookup action can be exploited to inject arbitrary web script or HTML remotely. The root cause is an inadequate input validatio...

CVE-2012-3859

CVE-2012-3859 is identified in the connected documents as a SQL Injection vulnerability affecting the Netsweeper WebAdmin Portal. The Red Hat entry describes it as an unspecified vulnerability with unknown impact, and the exploit references (Exploit-DB/PacketStorm) associate this CVE with a SQL I...