Atmail WebMail <= 5.6.1 (5.61) webadmin/admin.php Multiple Parameter XSS
The version of Atmail WebMail running on the remote host is vulnerable to multiple cross-site scripting issues. 'webadmin/admin.php' fails to sanitize input to the 'func' parameter, and to the 'type' parameter when 'func' is set to 'stats'. This is known to affect version 5.6.1 5.61 and may affec...
Asbru Web Content Management 6.56.6.9 - SQL Injection Cross-Site Scripting
Asbru Web Content Management 6.56.6.9 - SQL Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/34349/info Asbru Web Content Management is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because it fails to sufficiently sanitize...
Debian DSA-1735-1 : znc - missing input sanitization
It was discovered that znc, an IRC proxy/bouncer, does not properly sanitize input contained in configuration change requests to the webadmin interface. This allows authenticated users to elevate their privileges and indirectly execute arbitrary commands (CVE-2009-0759). %NASLMINLEVEL 70300 C...
DSA-1735-1 znc - privilege escalation
Bulletin has no description...
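ZNC Webadmin Module CRLF Injection Vulnerability
BUGTRAQ ID: 33899 CVECAN ID: CVE-2009-0759 ZNC is an IRC proxy that allows users to log in to IRC servers from a workstation. The Webadmin module of ZNC contains multiple carriage return/line feed (CRLF) injection vulnerabilities. An authenticated remote attacker can modify the znc.conf configuration file and inject CRLF sequences in the quit message, leading to execution of arbitrary code with elevated privileges. ZNC 0.066 Vendor patch: ZNC --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://downloads.sourceforge.net/znc/znc-0.066.tar.gz?usemirror=garr So...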
CVE-2009-0759
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...
DEBIAN-CVE-2009-0759
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...
Crlf injection
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...
CVE-2009-0759
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...
CVE-2009-0759
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...
CVE-2009-0759
CVE-2009-0759 affects znc, specifically the webadmin interface used to modify znc.conf. The root cause is missing input sanitization in configuration change requests, allowing CRLF injection that can elevate privileges of authenticated users and indirectly execute arbitrary commands. Disclosures ...
CVE-2009-0759
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...
CVE-2008-5266
Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...
UBUNTU-CVE-2008-5266
Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...
CVE-2008-5266
Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...
CVE-2008-4243
Directory traversal vulnerability in ImageServer aka UTImageServer in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 UT3 1.3 allows remote attackers to read arbitrary files via a .. dot dot in the URI...
Directory traversal
Directory traversal vulnerability in ImageServer aka UTImageServer in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 UT3 1.3 allows remote attackers to read arbitrary files via a .. dot dot in the URI...
CVE-2008-4243
The CVE-2008-4243 entry describes a directory traversal vulnerability in ImageServer (UTImageServer) used by WebAdmin prior to version 1.7 for Unreal Tournament 3 (UT3) 1.3. The flaw allows remote attackers to read arbitrary files by supplying a .. (dot dot) in the URI, potentially exposing sensi...
CVE-2008-4243
Directory traversal vulnerability in ImageServer aka UTImageServer in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 UT3 1.3 allows remote attackers to read arbitrary files via a .. dot dot in the URI...
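Epic Games Unreal Tournament 3 UT3 WebAdmin Directory Traversal Vulnerability
BUGTRAQ ID: 31272 CNCAN ID:CNCAN-2008092305 Unreal Tournament 3 UT3 is a game based on the Unreal engine that includes an internal web server. The administrator interface included in Unreal Tournament 3 UT3 does not properly filter user input, so a remote attacker can exploit the vulnerability to view the contents of files outside the web root with the web server's privileges. Submitting a request like the following bypasses the web root restriction and allows system file contents to be viewed with the web server's privileges: GET /images/../../UTGame/Config/UTGame.INI HTTP/1.0 Host: localhost Epic Games UT3...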