268 matches found

Prion
added 2016/11/19 6:59 a.m., 19 views

Design/Logic Flaw

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a...

CVSS 4, AI score 6.9, EPSS 0.0204
Exploits 0, References 3, Affected Software 1

NVD
added 2016/11/19 6:59 a.m., 15 views

CVE-2016-9149

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a...

CVSS 6.5, AI score 6.3, EPSS 0.0204
Exploits 0, References 3

Cvelist
added 2016/11/19 6:29 a.m., 22 views

CVE-2016-9149

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a...

AI score 6.2, EPSS 0.0204
Exploits 0, References 3

CVE
added 2016/11/19 6:29 a.m., 54 views

CVE-2016-9149

CVE-2016-9149 affects Palo Alto Networks PAN-OS. The Addresses Object parser mishandles single quote characters, enabling an XPath injection via a crafted string. A remote authenticated attacker can exploit this in PAN-OS releases prior to fixed versions: 5.0.x < 5.0.20, 5.1.x < 5.1.13, 6.0...

CVSS 6.5, AI score 6.2, EPSS 0.0204
Exploits 0, References 3, Affected Software 1

Palo Alto Networks
added 2016/11/17 5:3 p.m., 454 views

XPath Injection

The Addresses Object parsing function does not properly escape single quotes. Ref PAN-55237/92073/CVE-2016-9149. This post-authentication vulnerability could allow XPath manipulation. This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14...

AI score 4.5, EPSS 0.0204
Exploits 0, References 1, Affected Software 1

Palo Alto Networks
added 2016/11/17 5:3 p.m., 10 views

XPath Injection

The Addresses Object parsing function does not properly escape single quotes. Ref PAN-55237/92073/CVE-2016-9149. This post-authentication vulnerability could allow XPath manipulation. This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14...

CVSS 6.5, AI score 7.2, EPSS 0.0204
Exploits 0, References 1

Kitploit
added 2016/09/26 2:30 p.m., 50 views

WSSAT - Web Service Security Assessment Tool

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

AI score 8.2
Exploits 0, References 1

Zero Day Initiative
added 2016/08/09 12:0 a.m., 24 views

Trend Micro Control Manager AdHocQuery_SelectView XPATH Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within AdHocQuerySelectView.aspx. The issue lies in the failure to sanitize...

CVSS 4, AI score 1.5
Exploits 0, References 1

Zero Day Initiative
added 2016/08/09 12:0 a.m., 12 views

Trend Micro Control Manager AdHocQuery_SelectView XPATH Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within AdHocQuerySelectView.aspx. The issue lies in the failure to sanitize...

CVSS 4, AI score 1.5
Exploits 0, References 1

BDU FSTEC
added 2016/03/31 12:0 a.m., 3 views

The vulnerability of the ZENworks Configuration Management information system allows attackers to carry out “Xpath injection” attacks and gain read access to text files.

The vulnerability of the ChangePassword RPC method in the ZENworks Configuration Management information system management software is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to perform “Xpath injection” attacks and gain access to tex...

CVSS 5, AI score 6, EPSS 0.01272
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2016/02/26 12:0 a.m., 29 views

Novell ZENworks ChangePassword RPC XPath Injection

The remote Novell ZENworks Configuration Management ZCM server is affected by an information disclosure vulnerability in the ChangePassword RPC implementation that is triggered when handling malformed queries involving a system entity reference. An unauthenticated, remote attacker can exploit...

CVSS 5.3, AI score 6, EPSS 0.01272
Exploits 0, References 3

Prion
added 2016/02/18 10:59 p.m., 17 views

Design/Logic Flaw

The ChangePassword RPC method in Novell ZENworks Configuration Management ZCM 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference...

CVSS 5, AI score 7.5, EPSS 0.01272
Exploits 0, References 2, Affected Software 1

NVD
added 2016/02/18 10:59 p.m., 24 views

CVE-2015-5970

The ChangePassword RPC method in Novell ZENworks Configuration Management ZCM 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference...

CVSS 5.3, AI score 5.5, EPSS 0.01272
Exploits 0, References 2

CVE
added 2016/02/18 10:0 p.m., 60 views

CVE-2015-5970

Novell ZENworks Configuration Management (ZCM) versions 11.3 and 11.4 are affected by an information-disclosure vulnerability in the ChangePassword RPC. The root cause is XPath injection triggered by malformed queries that reference a system entity, allowing an unauthenticated, remote attacker to...

CVSS 5.3, AI score 5.4, EPSS 0.01272
Exploits 0, References 2, Affected Software 1

Cvelist
added 2016/02/18 10:0 p.m., 26 views

CVE-2015-5970

The ChangePassword RPC method in Novell ZENworks Configuration Management ZCM 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference...

AI score 5.5, EPSS 0.01272
Exploits 0, References 2

CNVD
added 2016/02/18 12:0 a.m., 2 views

Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability

Novell ZENworks Configuration Management is the configuration management solution within the ZENworks System Gateway tool. A security vulnerability exists in the ChangePassword RPC method of Novell Zenworks, where, through a malformed query, an attacker combines a reference to a system entity wit...

CVSS 5.3, AI score 7.4, EPSS 0.01272
Exploits 0, References 1

n0where
added 2016/02/11 5:38 p.m., 945 views

Damn Vulnerable Web Services: DVWS

Damn Vulnerable Web Services is a vulnerable testing environment that can be used to learn real world web service vulnerabilities. The aim of this project is to aid security professionals in testing their skills and tools in a legal environment. This application is designed to understand the...

Exploits 0, References 2

Zero Day Initiative
added 2016/02/11 12:0 a.m., 26 views

Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary text files on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChangePassword RPC method. By providing a malformed query, an attacker ca...

CVSS 5, AI score 5.9, EPSS 0.01272
Exploits 0, References 1

seebug.org
added 2015/09/25 12:0 a.m., 26 views

Joomla Spider Random Article Component - SQL Injection

Exploit Title : Joomla Spider Random Article Component SQL Injection vulnerability Author : Jagriti Sahu AKA Incredible Vendor Link : http://demo.web-dorado.com/spider-random-article.html Date : 22/03/2015 Discovered at : IndiShell Lab Love to : error1046 ^^ ,Team IndiShell,Codebreaker ICA...

AI score 8.4
Exploits 0

0day.today
added 2015/04/02 12:0 a.m., 38 views

Joomla Spider Random Article Component - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : Joomla Spider Random Article Component SQL Injection vulnerability Author : Jagriti Sahu AKA Incredible Vendor Link : http://demo.web-dorado.com/spider-random-article.html Date : 22/03/2015 Discovered at : IndiShell Lab Love to...

AI score 7.1
Exploits 0