559 matches found
Atmail Remote Authentication Bypass, Full DB Compromise
@Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute...
CVE-2008-2751
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...
UBUNTU-CVE-2008-2751
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...
glassfish-xss.txt
============================== XSS - Glassfish Web Admin Interface Sun Java System Application Server 9.101 build b09d-fcs ============================== Author: Eduardo Neves a.k.a eth0 Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION :...
CVE-2007-6453
RaidenHTTPD 2.0.19 contains a directory traversal vulnerability in raidenhttpd-admin/workspace.php (WebAdmin must be enabled) that allows remote unauthenticated attackers to include and execute arbitrary local files via a .. in the ulang parameter. Multiple sources (NVD/NVDCVE, vendor/JVN entries...
CVE-2007-6453
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter...
RaidenHTTPD 2.0.19 (ulang) Remote Command Execution Exploit
No description provided by source. rem raidenhttpdudo.cmd @echo off color 0a rem RaidenHTTPD 2.0.19 ulang cmd exec poc exploit rem WebAdmin one - not enabled by default anymore rem however works regardless of php.ini, because rem "ulang" comes from $GET and some magicquo rem tesgpc disable...
RaidenHTTPD 2.0.19 ulang cmd exec poc exploit
rem raidenhttpdudo.cmd @echo off color 0a rem RaidenHTTPD 2.0.19 ulang cmd exec poc exploit rem WebAdmin one - not enabled by default anymore rem however works regardless of php.ini, because rem "ulang" comes from $GET and some magicquo rem tesgpc disable code,lame divertissement one rem to...
RaidenHTTPD 2.0.19 (ulang) Remote Command Execution Exploit
Exploit for unknown platform in category remote exploits =========================================================== RaidenHTTPD 2.0.19 ulang Remote Command Execution Exploit =========================================================== rem raidenhttpdudo.cmd @echo off color 0a rem RaidenHTTPD 2.0....
RaidenHTTPD 2.0.19 - ulang Remote Command Execution
RaidenHTTPD 2.0.19 - ulang Remote Command Execution rem raidenhttpdudo.cmd @echo off color 0a rem RaidenHTTPD 2.0.19 ulang cmd exec poc exploit rem WebAdmin one - not enabled by default anymore rem however works regardless of php.ini, because rem "ulang" comes from $GET and some magicquo rem tesg...
CVE-2003-1463
CVE-2003-1463 describes an absolute path traversal flaw in Alt-N Technologies WebAdmin 2.0.0–2.0.2. With administrator privileges, an attacker can (1) determine the installation path by reading the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. ...
CVE-2003-1463
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name...
CVE-2004-2734
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder...
AuraCMS 1.5rc Multiple Remote SQL Injection Vulnerabilities
No description provided by source. AuraCMS version 1.5rc - Multiple Remote SQL Injection Vulnerabilities Vendor : http://www.auracms.org/ Found by : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @ irc.dal.net // Bug in file 'hal.php' line 7 $perintah="SELECT FROM...
Design/Logic Flaw
The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2)...
CVE-2007-4529
The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2)...