1734 matches found
MongoDB Web Interface Detection
The remote web server is running the MongoDB Web Admin Interface. This interface lists information of interest to administrators of MongoDB, a document-oriented database system. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(65915); script_version("1.6");...
Mutiny Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Mutiny Remote Command Execution',...
CVE-2013-0124
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll...
GroundWork Monitor Enterprise 6.7.0 XSS / Disclosure / Command Execution
GroundWork Monitor Enterprise version 6.7.0 suffers from insufficient authentication, file disclosure, file modification, cross site scripting, XML external entity injection, command injection, and various other vulnerabilities. Detailed proof of concepts were removed by the author because...
HP Intelligent Management Center 5.1 E0202 Cross Site Scripting
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: HP Intelligent Management Center Vendor URL: www.hp.com Type: Cross-Site Scripting CWE-79 Date found: 2012-06-08 Date published: 2013-03-04 CVSSv2 Score: CWE-79: 3,5 AV:N/AC:M/Au:S/C:N/I:P/A:...
django -- multiple vulnerabilities
The Django Project reports: These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities. Host header poisoning an attacker could cause Django to generate and display URLs that link to...
CVE-2013-1471
CVE-2013-1471 describes multiple XSS vulnerabilities in Fortinet FortiMail prior to 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances. The issues arise from insufficient input sanitization in the web UI, specifically in admin/FEAdmin.html (the Add field for the Black List under Antisp...
MyAuth3 - Blind SQL Injection
Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit is needed to dump system pwd...
MyAuth3 - Blind SQL Injection
MyAuth3 - Blind SQL Injection Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit ...
MyAuth3 Blind SQL Injection
Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdotorg | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit is needed to dump system pwd...
Novell GroupWise Internet Agent 8.x <= 8.0.2 HP3 / 12.x < 12.0.1 Multiple Vulnerabilities
The version of Novell GroupWise Internet Agent running on the remote host is 8.x less than or equal to 8.0.2 HP3, or 12.x earlier than 12.0.1. As such, it is potentially affected by multiple vulnerabilities: - A heap-based buffer overflow vulnerability exists when parsing requests to the web-bas...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the fullname parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party...
WEBSHELL box system V1.0 Inbox sub-code vulnerability - vulnerability warning - the black bar safety net
/admin/check.asp, the back-end login check: <!-- #Include File="../conn.asp" --> <!-- #Include File="../inc/checkstr.asp" --> <% If Trim(Request.Cookies("YBCookies")) = "" Then response.Redirect "login.asp" response.End else dim Rs,SQL SQL = "SELECT * FROM YBAdmin where...
CVE-2012-2209
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languagesnew module, or (3) theme parameter in the theme modu...
Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
Title : Joomla comniceajaxpoll = 1.3.0 SQL Injection Vulnerability Author : Patrick de Brouwer - @knickz0r NLSecurity - www.nlsecurity.org Dork : inurl:"/index.php?option=comniceajaxpoll" Software : Joomla component Nice Ajax Poll = 1.3.0 http://dmitry.dn.ua/my-projects/304-nice-ajax-poll.html...
Sysax 5.62 Admin Interface Local Buffer Overflow
!/usr/bin/python Title: Sysax " not in fullpage: page = r.recv4096 fullpage += page time.sleep1 regex the sid from the page global sid sid = re.searchr'sid=a-zA-Z0-940',fullpag...
Sysax <= 5.62 Admin Interface Local Buffer Overflow
Exploit for Windows platform in category local exploits. #!/usr/bin/python Title: Sysax <= 5.62 Admin Interface Local Buffer Overflow Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit Date Discovered: June 15, 2012 Vendor Contacted: June 19, 2012 Details:...
Sysax 5.62 - Admin Interface Local Buffer Overflow
Sysax 5.62 - Admin Interface Local Buffer Overflow !/usr/bin/python Title: Sysax " not in fullpage: page = r.recv4096 fullpage += page time.sleep1 regex the sid from...
RuggedCom RuggedOS Web-Based Admin Interface Default Credentials
Binary data scadaruggedosdefaultaccountshttp.nbin...