Lucene search
+L

55 matches found

Prion
Prion
added 2014/12/27 6:59 p.m.13 views

Design/Logic Flaw

index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action...

7.5CVSS8.2AI score0.03559EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2014/12/27 6:0 p.m.47 views

CVE-2013-6043

CVE-2013-6043 affects Softaculous Webuzo prior to 2.1.4 where the login function reveals different error messages depending on whether a user account exists, allowing remote username enumeration. The issue is documented alongside related vulnerabilities (CVE-2013-6041/6042) in Webuzo 2.1.3-era ad...

5CVSS7AI score0.02889EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2014/12/27 6:0 p.m.53 views

CVE-2013-6041

CVE-2013-6041 affects Softaculous Webuzo prior to 2.1.4. The issue is a remote command injection in index.php during the login action, exploitable via shell metacharacters in the SOFTCookies sid cookie. Root cause: insufficient input sanitization in the login flow allows an attacker to inject and...

7.5CVSS7.8AI score0.03559EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2014/12/27 6:0 p.m.26 views

CVE-2013-6041

index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action...

7.5AI score0.03559EPSS
Exploits3References2
Cvelist
Cvelist
added 2014/12/27 6:0 p.m.28 views

CVE-2013-6043

The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests...

6.8AI score0.02889EPSS
Exploits3References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Webuzo 2.1.3 - Multiple Vulnerabilities

No description provided by source...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/02/28 12:0 a.m.59 views

Webuzo 2.1.3 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS...

7.5CVSS6.5AI score0.03559EPSS
Exploits3
exploitpack
exploitpack
added 2014/02/28 12:0 a.m.41 views

Webuzo 2.1.3 - Multiple Vulnerabilities

Webuzo 2.1.3 - Multiple Vulnerabilities Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS release 6.2...

7.5CVSS0.1AI score0.03559EPSS
Exploits3
Exploit DB
Exploit DB
added 2014/02/28 12:0 a.m.34 views

Webuzo 2.1.3 - Multiple Vulnerabilities

Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS release 6.2 FINAL CVE : CVE-2013-6041, CVE-2013-6042,...

7.5CVSS6.4AI score0.03559EPSS
Exploits3
NVD
NVD
added 2013/11/19 4:50 a.m.14 views

CVE-2013-6042

Cross-site scripting XSS vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter...

4.3CVSS5.6AI score0.01712EPSS
Exploits3References4
Prion
Prion
added 2013/11/19 4:50 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter...

4.3CVSS6.1AI score0.01712EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2013/11/15 8:0 p.m.28 views

CVE-2013-6042

Cross-site scripting XSS vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter...

5.6AI score0.01712EPSS
Exploits3References4
CVE
CVE
added 2013/11/15 8:0 p.m.45 views

CVE-2013-6042

CVE-2013-6042 is a Cross-site Scripting (XSS) vulnerability in Softaculous Webuzo’s File Manager module, specifically in filemanager/login.php. The flaw allows remote attackers to inject arbitrary web script or HTML via the user parameter, as described for Webuzo before version 2.1.4. This is a r...

4.3CVSS5.8AI score0.01712EPSS
Exploits3References4Affected Software1
OpenVAS
OpenVAS
added 2013/11/13 12:0 a.m.18 views

Webuzo Detection (HTTP)

The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2013/11/13 12:0 a.m.23 views

Webuzo <= 2.1.3 Cookie Value Handling Remote Command Injection Vulnerability

Webuzo is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5CVSS6.4AI score0.03559EPSS
Exploits3References2
Rows per page
Query Builder