Zeus Web Server 4.x - Admin Interface VS_Diag.cgi Cross-Site Scripting

Zeus Web Server 4.x - Admin Interface VSDiag.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/7751/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input, ...

iisPROTECT SQL injection in admin interface

Release Date: 23.05.2003 Application: iisPROTECT v/2.2-r4 and probably earlier versions Vendor: iisPROTECT 536, 425 Carrall St. Vancouver, BC, V6B6E3, Canada http://www.iisprotect.com/ Category: SQL injection in admin interface Risk: Medium-High Impact: Arbitrary command execution Vendor Status:...

Zeus Web Server 4.0/4.1 - Admin Interface Cross-Site Scripting

source: https://www.securityfocus.com/bid/6144/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which...

SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting

SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/5928/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. The web-based admin interface is prone to...

CVE-2002-0107

CacheFlow CacheOS 4.0.13 and earlier expose a information disclosure vulnerability in a web administration interface: a sequence of GET requests that do not end with a HTTP/1.0 (or another version) string causes leakage of sensitive data in the error message. Affected product: CacheFlow CacheOS (...

Oracle 9iAS mod_plsql DAD Admin Interface Access

In a default installation of Oracle 9iAS, it is possible to access the modplsql DAD Admin interface. Access to these pages should be restricted. %NASLMINLEVEL 70300 This script was written by Matt Moore Script audit and contributions from Carmichael Security Erik Anderson Added link to the Bugtra...

CVE-2001-0854

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHPSELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user...

Дырка в PHP-NUKE

С помощью модификации URL возможен доступ к интерфейсу администрирования без пароля администратора. Кроме того, возможно выступать от имени другого пользователя...

Tektronix Phaser 740/750/850/930 - Network Printer Administration Interface

source: https://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewall is in place, any attacker can reach the printer's admin interface,...

Tektronix Phaser 740750850930 - Network Printer Administration Interface

Tektronix Phaser 740750850930 - Network Printer Administration Interface source: https://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewal...

Дырка в Sun AnswerBook2

Непривилигированные пользователи могут получить доступ к интерфейсу администрирования, а так же выполнять программный код на сервере...

CVE-2000-0417

The Cayman gateways (Cayman 3220-H DSL router) are affected by a denial-of-service via entering a long username or password to the HTTP management interface. The root cause is a vulnerability that causes the device to restart, potentially due to a buffer overflow on the stack. Versions prior to 5...

CVE-2024-36550

idccms V1.35 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/vpsCompanydeal.php?mudi=add&nohrefStr=close...