
1738 matches found

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Sun Java Web Server 7.0 u7 Admin Interface DoS

No description provided by source. Sun Java Web Server 7.0 u7 Admin Interface DOS Software Package sjsws-70u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea While attempting to verify http://www.exploit-db.com/exploits/14194/ which was not verified, I stumbled across this semi amusing DOS:...

7.1 AI score
Exploits 0
RedHat Linux
added 2014/06/09 2:55 p.m., 1 view

ovirt-engine-webadmin: session fixation

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

6.8 CVSS, 5.9 AI score, 0.01757 EPSS
Exploits 1, References 4
NVD
added 2014/05/17 7:55 p.m., 17 views

CVE-2014-2084

Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2)...

8.5 CVSS, 6.5 AI score, 0.04448 EPSS
Exploits 6, References 5
ATTACKERKB
added 2014/05/17 7:55 p.m., 2 views

CVE-2014-2084

Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2)...

8.5 CVSS, 5.5 AI score, 0.04448 EPSS
Exploits 6, References 6
Tenable Nessus
added 2014/04/07 12:0 a.m., 46 views

Canon PIXMA Printer Administration Authentication Bypass

The remote printer contains a flaw that could allow a remote attacker to obtain sensitive information. The HTTP admin interface does not require credentials. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid73375;...

7.5 CVSS, 5.5 AI score, 0.02008 EPSS
Exploits 1, References 3
0day.today
added 2014/02/25 12:0 a.m., 86 views

Technicolor TC7200 - Credentials Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Technicolor TC7200: Authentication Bypass Google Dork: N/A Date: 24-02-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.technicolor.com/ Software Link:...

5 CVSS, 0.18171 EPSS
Exploits 11
Exploit DB
added 2014/02/25 12:0 a.m., 44 views

Technicolor TC7200 - Credentials Disclosure

Exploit Title: Technicolor TC7200: Authentication Bypass Google Dork: N/A Date: 24-02-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.technicolor.com/ Software Link:...

7.5 CVSS, 7.7 AI score, 0.18171 EPSS
Exploits 11
Prion
added 2014/01/09 6:55 p.m., 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/accesscontroluseredit.php or (2) workname parameter to...

4.3 CVSS, 6.2 AI score, 0.03217 EPSS
Exploits 7, References 3, Affected Software 2
NVD
added 2014/01/08 9:55 p.m., 12 views

CVE-2014-0651

The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347...

4.9 CVSS, 6.2 AI score, 0.01764 EPSS
Exploits 0, References 7
NVD
added 2013/11/20 2:12 p.m., 14 views

CVE-2013-6830

admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation...

7.5 CVSS, 7.6 AI score, 0.08929 EPSS
Exploits 5, References 1
Cvelist
added 2013/10/16 10:0 a.m., 20 views

CVE-2013-5540

The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519...

6.2 AI score, 0.01061 EPSS
Exploits 0, References 1
0day.today
added 2013/08/22 12:0 a.m., 50 views

Netgear ProSafe - Denial of Service Vulnerability

Netgear ProSafe switches suffer from denial of service and unauthenticated startup-config disclosure vulnerabilities. import sys, getopt, urllib2 from subprocess import version = "0.1" author = "Juan J. Guelfo, Encripto AS email protected" Prints title and other header info def header: print ""...

7.8 CVSS, 6.6 AI score, 0.14964 EPSS
Exploits 10
exploitpack
added 2013/08/22 12:0 a.m., 35 views

NETGEAR ProSafe - Information Disclosure

NETGEAR ProSafe - Information Disclosure !/usr/bin/python Netgear ProSafe - CVE-2013-4775 PoC written by Juan J. Guelfo @ Encripto AS [email protected] Copyright 2013 Encripto AS. All rights reserved. This software is licensed under the FreeBSD license. http://www.encripto.no/tools/license.php...

7.8 CVSS, 6.3 AI score, 0.14964 EPSS
Exploits 6
Exploit DB
added 2013/08/22 12:0 a.m., 34 views

Netgear ProSafe - Denial of Service

!/usr/bin/python Netgear ProSafe - CVE-2013-4776 PoC written by Juan J. Guelfo @ Encripto AS [email protected] Copyright 2013 Encripto AS. All rights reserved. This software is licensed under the FreeBSD license. http://www.encripto.no/tools/license.php import sys, getopt, urllib2 from subprocess...

7.8 CVSS, 6.9 AI score, 0.06983 EPSS
Exploits 5
Exploit DB
added 2013/08/22 12:0 a.m., 35 views

Netgear ProSafe - Information Disclosure

!/usr/bin/python Netgear ProSafe - CVE-2013-4775 PoC written by Juan J. Guelfo @ Encripto AS [email protected] Copyright 2013 Encripto AS. All rights reserved. This software is licensed under the FreeBSD license. http://www.encripto.no/tools/license.php import sys, getopt, urllib2 version = "0.1"...

7.8 CVSS, 6.9 AI score, 0.14964 EPSS
Exploits 6
NVD
added 2013/06/21 9:55 p.m., 14 views

CVE-2013-4613

The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has...

7.5 CVSS, 6.6 AI score, 0.02008 EPSS
Exploits 1, References 2
Cvelist
added 2013/06/21 9:0 p.m., 21 views

CVE-2013-4613

The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has...

6.5 AI score, 0.02008 EPSS
Exploits 1, References 2
Tenable Nessus
added 2013/06/05 12:0 a.m., 32 views

Oracle GlassFish Server 3.0.1 < 3.0.1.7 / 3.1.2 < 3.1.2.5 Multiple Vulnerabilities (April 2013 CPU)

The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities: - Cross-site scripting (XSS) vulnerabilities exist in its admin and REST interface. These vulnerabilities permit JavaScript to be run in the context of GlassFish, which may result in credentials of...

4.3 CVSS, 5.3 AI score, 0.01046 EPSS
Exploits 0, References 4
CVE
added 2013/05/08 10:0 a.m., 45 views

CVE-2013-3500

The CVE-2013-3500 entry affects GroundWork Monitor Enterprise 6.7.0: the Foundation webapp Admin interface leaves writable files under /usr/local/groundwork owned by the nagios user, enabling context-dependent attackers to bypass filesystem restrictions by leveraging access to a GroundWork script...

7.5 CVSS, 6.7 AI score, 0.02377 EPSS
Exploits 0, References 3, Affected Software 1
NVD
added 2013/04/17 12:19 p.m., 17 views

CVE-2013-1515

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface...

4.3 CVSS, 5.7 AI score, 0.01046 EPSS
Exploits 0, References 2