55 matches found
Design/Logic Flaw
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action...
CVE-2013-6043
CVE-2013-6043 affects Softaculous Webuzo prior to 2.1.4 where the login function reveals different error messages depending on whether a user account exists, allowing remote username enumeration. The issue is documented alongside related vulnerabilities (CVE-2013-6041/6042) in Webuzo 2.1.3-era ad...
CVE-2013-6041
CVE-2013-6041 affects Softaculous Webuzo prior to 2.1.4. The issue is a remote command injection in index.php during the login action, exploitable via shell metacharacters in the SOFTCookies sid cookie. Root cause: insufficient input sanitization in the login flow allows an attacker to inject and...
CVE-2013-6041
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action...
CVE-2013-6043
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests...
Webuzo 2.1.3 - Multiple Vulnerabilities
No description provided by source...
Webuzo 2.1.3 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS...
Webuzo 2.1.3 - Multiple Vulnerabilities
Webuzo 2.1.3 - Multiple Vulnerabilities Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS release 6.2...
Webuzo 2.1.3 - Multiple Vulnerabilities
Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS release 6.2 FINAL CVE : CVE-2013-6041, CVE-2013-6042,...
CVE-2013-6042
Cross-site scripting XSS vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter...
CVE-2013-6042
Cross-site scripting XSS vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter...
CVE-2013-6042
CVE-2013-6042 is a Cross-site Scripting (XSS) vulnerability in Softaculous Webuzo’s File Manager module, specifically in filemanager/login.php. The flaw allows remote attackers to inject arbitrary web script or HTML via the user parameter, as described for Webuzo before version 2.1.4. This is a r...
Webuzo Detection (HTTP)
The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...
Webuzo <= 2.1.3 Cookie Value Handling Remote Command Injection Vulnerability
Webuzo is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...