1734 matches found
Cobbler Admin Interface Detection
A web-based administration interface for Cobbler, a Linux installation server, was detected on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(59400); script_version("1.3"); script_cvs_date("Date: 2019/11/25"); script_name(english:"Cobbler Admin Interface...
Pritlog v0.821 CMS - Multiple Web Vulnerabilities
Title: ====== Pritlog v0.821 CMS - Multiple Web Vulnerabilities Date: ===== 2012-04-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=534 VL-ID: ===== 534 Introduction: ============= PRITLOG is an extremely simple, small (500K uncompressed) and powerful blog system. It...
admin/osuser2atluser.jsp lacks an XSRF token to perform user transfer operations
e.g. http://localhost:8090/admin/osuser2atluser.jsp?migrate=start&transferGroupMembership=true and http://localhost:8090/admin/osuser2atluser.jsp?migrate=start When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF...
Multiple vulnerabilities in OSClass
Advisory ID: CSA-12003 Title: Multiple vulnerabilities in OSClass Product: OSClass Version: 2.3.4 and probably prior Vendor: osclass.org Vulnerability type: SQL injection, XSS, Remote file inclusion Vendor notification: 2012-01-12 Public disclosure: 2012-01-27 OSClass version 2.3.4 and probably...
CVE-2011-5078
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD 3 and 7.0 before ESD 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP...
CVE-2012-1034
Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-1034
The EPiServer CMS admin interface through 6R2 contains XSS vulnerabilities that allow remote attackers to inject arbitrary script/HTML via unspecified vectors. CVSS v2 base score 4.3 (Medium). Remediation referenced in public hotfix materials (CMS 6-R2 hotfix); exp...
JON: Multiple XSS flaws
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Splunk - Remote Command Execution
  from sec1httplib.requestbuilder import Requestobj
  from sec1httplib.threaddispatcher import *
  import threading
  import re
  import urlparse
  import sys
  import urllib
  import base64
  from optparse import OptionParser
  import sys
  """
  Source: http://www.sec-1.com/blog/?p=233
  Splunk remote root exploit.
  Author...
Owl Intranet Engine 1.00 Authentication Bypass
Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details ======= Product: Owl Intranet...
Filmis 0.2 Cross Site Request Forgery / Cross Site Scripting
========================================= Filmis - Version 0.2 Multi Vulnerability ========================================= ...
SonicWall NSA 4500 Cross Site Scripting / Session Hijacking
While pentesting a WIFI network at a customer, we found some vulnerabilities in the SonicWall NSA 4500. You can find details here: http://www.pentest.es/vulnssonicpoint.txt -------------------------------------------------- Title: ====== SonicWall products with incompatible MAC spoofing...
Phorum 5.2.18 Cross-site scripting vulnerability
Advisory: Phorum 5.2.18 Cross-site scripting vulnerability Advisory ID: SSCHADV2011-023 Author: Stefan Schurtz Affected Software: Successfully tested on Phorum 5.2.18 Vendor URL: http://www.phorum.org/ Vendor Status: informed CVE-ID: - ========================== Vulnerability Description:...
MyAuth 3 Blind SQL Injection
Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdotorg | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit is needed to dump system pwd...
Honeywall admin interface arbitrary file read vulnerability-vulnerability warning-the black bar safety net
Publishing author: cnyouker. Vulnerability type: arbitrary file traversal/download. Vulnerability description: Honeywall admin interface arbitrary file read vulnerability. Detailed description: admin/docs.pl does not strictly validate the file value submitted by POST, so a crafted POST body can be used to read...
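An added example of the check that the snippet above says admin/docs.pl lacks. It is not Honeywall code (the snippet does not show the script's parameter name or logic); safe_doc_path, read_doc, the document-root layout and the sample files that demo() builds are constructed for this example. It resolves the requested name against a fixed document root and refuses anything that escapes it, which covers "../" traversal, absolute paths and a symlink inside the root that points outside it.

```python
import os
import tempfile
from typing import Optional

# Hypothetical hardened replacement for an admin document download handler.
# Not Honeywall code: names and layout are assumptions for this example.


def safe_doc_path(doc_root: str, requested: str) -> Optional[str]:
    """Resolve `requested` inside doc_root; return None if it escapes.

    realpath() collapses "." and ".." segments and follows symlinks, so a
    traversal such as "../secret.txt", an absolute path (os.path.join drops
    the root when the second argument is absolute) and a symlink inside the
    root that points outside it all resolve outside `root` and are refused.
    """
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, requested))
    if candidate == root or not candidate.startswith(root + os.sep):
        return None
    return candidate


def read_doc(doc_root: str, requested: str) -> Optional[bytes]:
    """Serve a file only if it resolves to a regular file under doc_root."""
    path = safe_doc_path(doc_root, requested)
    if path is None or not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Build a throwaway document root (constructed sample data) and exercise
    a legitimate request, a traversal, an absolute path and a symlink escape."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "docs")
    os.mkdir(root)
    with open(os.path.join(root, "readme.txt"), "wb") as fh:
        fh.write(b"public document")
    secret = os.path.join(base, "secret.txt")   # lives outside the document root
    with open(secret, "wb") as fh:
        fh.write(b"should never be served")
    results = {
        "readme.txt": read_doc(root, "readme.txt"),
        "../secret.txt": read_doc(root, "../secret.txt"),
        "/etc/passwd": read_doc(root, "/etc/passwd"),
        "sub/../readme.txt": read_doc(root, "sub/../readme.txt"),
    }
    try:
        os.symlink(secret, os.path.join(root, "link.txt"))
        results["link.txt"] = read_doc(root, "link.txt")
    except (OSError, NotImplementedError):
        results["link.txt"] = None   # platform without symlink support
    return results


if __name__ == "__main__":
    for name, body in demo().items():
        print(f"{name!r:>22} -> {'REFUSED' if body is None else body!r}")
```

The prefix comparison uses `root + os.sep` rather than `root` alone so that a sibling directory such as `docs-private` next to `docs` is not accepted as being "under" the root.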
CVE-2011-2078
Technical details (affected product/versions, root cause, exploitability) are not publicly provided in the supplied documents. Monitor for updates from these sources.
mailman -- CSRF hardening in parts of the web interface
The late Tokio Kikuchi reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery (CSRF). The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...
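The admin JSP entry above (a state-changing user migration performed on a bare GET with no XSRF token) and this Mailman form-lifetime change describe the same control: a form token bound to the user and the action that also expires. The following is an added example written for this listing, not code from Mailman, the lp:tkikuchi branch or Atlassian. SECRET (a constructed value), FORM_LIFETIME, make_token, verify_token and the simulated handle_migrate endpoint, modelled on the `?migrate=start` request quoted above, are this example's own names.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Hypothetical secret for this example only; a real deployment loads it from
# configuration. This is not the Mailman or Confluence implementation.
SECRET = b"example-only-secret-rotate-me"
FORM_LIFETIME = 300   # seconds a rendered form stays submittable


def _mac(user: str, action: str, issued: int) -> bytes:
    # Bind the token to who is acting, on what, and when the form was issued.
    msg = f"{user}|{action}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()


def make_token(user: str, action: str, now: Optional[int] = None) -> str:
    """Token to embed in the admin form: the issue time in the clear plus an
    HMAC over (user, action, issue time)."""
    issued = int(time.time()) if now is None else now
    return f"{issued}:" + base64.urlsafe_b64encode(_mac(user, action, issued)).decode()


def verify_token(token: str, user: str, action: str,
                 now: Optional[int] = None, lifetime: int = FORM_LIFETIME) -> bool:
    """True only if the MAC matches this user and action and the token is
    neither older than `lifetime` seconds nor dated in the future."""
    now = int(time.time()) if now is None else now
    try:
        issued_s, mac_b64 = token.split(":", 1)
        issued = int(issued_s)
        mac = base64.urlsafe_b64decode(mac_b64)
    except (ValueError, TypeError, AttributeError):
        return False
    # constant-time comparison; a tampered issue time also fails here
    if not hmac.compare_digest(mac, _mac(user, action, issued)):
        return False
    return 0 <= now - issued <= lifetime


def handle_migrate(query: dict, session_user: str, now: int) -> str:
    """Simulated state-changing admin endpoint standing in for
    admin/osuser2atluser.jsp?migrate=start. A cross-site request makes the
    victim's browser send the session cookie, but cannot supply a token
    bound to the victim, so the bare request is refused."""
    if query.get("migrate") != "start":
        return "noop"
    token = query.get("xsrf_token")
    if token is None or not verify_token(token, session_user, "migrate", now=now):
        return "rejected: missing or invalid XSRF token"
    return "migrated (transferGroupMembership=%s)" % query.get("transferGroupMembership", "false")


if __name__ == "__main__":
    t = make_token("admin", "migrate", now=1000)
    print(handle_migrate({"migrate": "start"}, "admin", 1100))
    print(handle_migrate({"migrate": "start", "xsrf_token": t}, "admin", 1100))
    print(handle_migrate({"migrate": "start", "xsrf_token": t}, "admin", 1000 + FORM_LIFETIME + 1))
```

The token is stateless (nothing is stored server side), which is what makes a lifetime necessary: without it, one token captured from a rendered form would stay valid for as long as the secret does. A per-session nonce in the MAC input would tighten it further; the example leaves that out to keep the check readable.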
Cross-site Scripting (XSS) Vulnerabilities in webSPELL
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in webSPELL which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerability in webSPELL 1.1 The vulnerability exists due to input sanitation error in the "pass" and "touser...