1734 matches found
CVE-2009-2233
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awselogged cookie to 1...
Mole Group Restaurant Directory Script 3.0 - Change Admin Password
Mole Group Restaurant Directory Script 3.0 - Change Admin Password...
Multiple vulnerabilities in Webglimpse
Hello 3APA3A! I am reporting multiple vulnerabilities that I found in Webglimpse. These are Full path disclosure, Cross-Site Scripting, Directory Traversal and Authorization bypass vulnerabilities. The vulnerabilities are in the Webglimpse admin panel, which can be reached through a guest account, or by capturing the cookie of the admin...
CVE-2008-6596
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-1077
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the...
CVE-2009-0597
SQL injection vulnerability in admin/index.php in w3bcms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action...
FileZilla FTP Server Admin Interface Denial of Service
This module triggers a Denial of Service condition in the FileZilla FTP Server Administration Interface in versions 0.9.4d and earlier. By sending a procession of excessively long USER commands to the FTP Server, the Administration Interface (FileZilla Server Interface.exe) when running, will...
Unfixed XSS vulnerability at vhost.oddcast.com
Security researcher UzmiX has submitted on 13/12/2008 a cross-site-scripting (XSS) vulnerability affecting vhost.oddcast.com, which at the time of submission ranked 19418 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/07/2009. It is currentl...
eZ Publish 3.9.0/3.9.5/3.10.1 Command Execution Exploit (admin req)
No description provided by source. / eZ Publish OS Commanding executing exploit by s4avrd0w Versions affected 3.x tested on version 3.9.0, 3.9.5, 3.10.1 usage: ./eZPublishabuseoffunctionalityzeroday -u=username -p=password -s=EZPublishserver The options are required: -u Login of t...
eZ Publish 3.9.0/3.9.5/3.10.1 Command Execution Exploit (admin req)
Exploit for unknown platform in category web applications. eZ Publish 3.9.0/3.9.5/3.10.1 Command Execution Exploit (admin req). / eZ Publish OS Commanding executing...
netgear-dos.txt
Not sure how to rate this, but at the same time, i really don't give a shit. one of those days... You can crash the admin interface by sending a malformed URL to the web interface of this wireless router. No recovery, a reboot fixes the issue. Wouldn't even really call it a "malformed URL" either...
Openfire Server 3.6.0a - Authentication Bypass SQL Injection Cross-Site Scripting
Openfire Server 3.6.0a - Authentication Bypass SQL Injection Cross-Site Scripting Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de...
Openfire AuthCheck Authentication Bypass
The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. The installed version of this software contains a design error in its admin interface in that it allows URLs starting with certain strings, such as 'setup/setup-', to circumvent its auth chec...
Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerability
Exploit for unknown platform in category web applications. Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities. Advisory: Openfire Serv...
Telecom Italia Alice Pirelli routers Backdoor from internal LAN/WAN
No description provided by source. saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactured by Pirelli based on Broadcom platform. saxdax & drpepperONE...
Telecom Italia Alice Pirelli routers - Backdoor from internal LAN/WAN
saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactured by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...
mailscan-multi.txt
MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface. Affected Products. Product/Company Information. Vulnerabilities. Directory Traversal: It is possible to access files on the system outside of the webroot...
Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication
Overview The web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE disables authentication in the default configuration. The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN...
CVE-2008-2176
Cross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page...