Lucene search

1737 matches found

Cvelist
added 2013/04/17 12:10 p.m., 21 views

CVE-2013-1515

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface...

AI score: 5.7, EPSS: 0.01046
Exploits: 0, References: 2

CVE
added 2013/04/17 12:10 p.m., 57 views

CVE-2013-1515

CVE-2013-1515 affects Oracle GlassFish Server 3.0.1 and 3.1.2; an unspecified vulnerability in the ADMIN interface allows remote attackers to affect integrity. The NVD entry provides a CVSS v2 base score of 4.3 (NETWORK, MEDIUM, with partial integrity impact). Other connected sources corroborate ...

CVSS: 4.3, AI score: 5.8, EPSS: 0.01046
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2013/04/17 12:10 p.m., 13 views

CVE-2013-1515

Removed by vendor...

CVSS: 4.3, AI score: 6.7, EPSS: 0.01046
Exploits: 0

Tenable Nessus
added 2013/04/10 12:0 a.m., 19 views

MongoDB Web Interface Detection

The remote web server is running the MongoDB Web Admin Interface. This interface lists information of interest to administrators of MongoDB, a document-oriented database system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65915; scriptversion"1.6";...

AI score: 5.5
Exploits: 0, References: 1

Packet Storm
added 2013/03/23 12:0 a.m., 26 views

Mutiny Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Mutiny Remote Command Execution',...

CVSS: 8.5, EPSS: 0.2731
Exploits: 4

NVD
added 2013/03/21 9:55 p.m., 19 views

CVE-2013-0124

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll...

CVSS: 4.3, AI score: 5.8, EPSS: 0.01141
Exploits: 0, References: 1

ATTACKERKB
added 2013/03/21 9:55 p.m., 3 views

CVE-2013-0124

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll...

CVSS: 4.3, AI score: 5.4, EPSS: 0.01141
Exploits: 0, References: 2

0day.today
added 2013/03/09 12:0 a.m., 42 views

GroundWork Monitor Enterprise 6.7.0 XSS / Disclosure / Command Execution

GroundWork Monitor Enterprise version 6.7.0 suffers from insufficient authentication, file disclosure, file modification, cross site scripting, XML external entity injection, command injection, and various other vulnerabilities. Detailed proof of concepts were removed by the author because...

AI score: 7.1
Exploits: 0

Packet Storm
added 2013/03/04 12:0 a.m., 29 views

HP Intelligent Management Center 5.1 E0202 Cross Site Scripting

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: HP Intelligent Management Center Vendor URL: www.hp.com Type: Cross-Site Scripting CWE-79 Date found: 2012-06-08 Date published: 2013-03-04 CVSSv2 Score: CWE-79: 3,5 AV:N/AC:M/Au:S/C:N/I:P/A:...

AI score: 0.2
Exploits: 0

FreeBSD
added 2013/02/21 12:0 a.m., 40 views

django -- multiple vulnerabilities

The Django Project reports: These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities. Host header poisoning: an attacker could cause Django to generate and display URLs that link to...

CVSS: 5, AI score: 9.2, EPSS: 0.04863
Exploits: 1

CVE
added 2013/02/04 7:0 p.m., 65 views

CVE-2013-1471

CVE-2013-1471 describes multiple XSS vulnerabilities in Fortinet FortiMail prior to 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances. The issues arise from insufficient input sanitization in the web UI, specifically in admin/FEAdmin.html (the Add field for the Black List under Antisp...

CVSS: 4.3, AI score: 5.9, EPSS: 0.02015
Exploits: 1, References: 3, Affected Software: 1

exploitpack
added 2012/10/07 12:0 a.m., 20 views

MyAuth3 - Blind SQL Injection

MyAuth3 - Blind SQL Injection Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit ...

AI score: 8.6
Exploits: 0

Exploit DB
added 2012/10/07 12:0 a.m., 27 views

MyAuth3 - Blind SQL Injection

Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit is needed to dump system pwd...

AI score: 7
Exploits: 0

Packet Storm
added 2012/10/06 12:0 a.m., 15 views

MyAuth3 Blind SQL Injection

Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdotorg | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit is needed to dump system pwd...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2012/09/24 12:0 a.m., 40 views

Novell GroupWise Internet Agent 8.x <= 8.0.2 HP3 / 12.x < 12.0.1 Multiple Vulnerabilities

The version of Novell GroupWise Internet Agent running on the remote host is 8.x less than or equal to 8.0.2 HP3, or 12.x earlier than 12.0.1. As such, it is potentially affected by multiple vulnerabilities : - A heap-based buffer overflow vulnerability exists when parsing requests to the web-bas...

CVSS: 10, AI score: 6.4, EPSS: 0.17091
Exploits: 1, References: 15

Prion
added 2012/09/19 7:55 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the fullname parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party...

CVSS: 4.3, AI score: 6.2, EPSS: 0.01162
Exploits: 0, References: 5, Affected Software: 1

myhack58
added 2012/08/20 12:0 a.m., 52 views

WEBSHELL box system V1. 0 Inbox sub-code vulnerability-vulnerability warning-the black bar safety net

/admin/check. asp The detection of the background of the landing place !-- Include File="../conn. asp" - !-- Include File="../inc/checkstr. asp" - % If TrimRequest. Cookies"YBCookies" = "" Then response. Redirect "login. asp" response. End else dim Rs,SQL SQL = "SELECT FROM YBAdmin where...

AI score: 1.6
Exploits: 0

Cvelist
added 2012/08/14 10:0 p.m., 21 views

CVE-2012-2209

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languagesnew module, or (3) theme parameter in the theme modu...

AI score: 5.6, EPSS: 0.04241
Exploits: 6, References: 9

Exploit DB
added 2012/08/01 12:0 a.m., 29 views

Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection

Title : Joomla comniceajaxpoll = 1.3.0 SQL Injection Vulnerability Author : Patrick de Brouwer - @knickz0r NLSecurity - www.nlsecurity.org Dork : inurl:"/index.php?option=comniceajaxpoll" Software : Joomla component Nice Ajax Poll = 1.3.0 http://dmitry.dn.ua/my-projects/304-nice-ajax-poll.html...

AI score: 7.4
Exploits: 0

exploitpack
added 2012/06/20 12:0 a.m., 11 views

Sysax 5.62 - Admin Interface Local Buffer Overflow

Sysax 5.62 - Admin Interface Local Buffer Overflow !/usr/bin/python Title: Sysax " not in fullpage: page = r.recv4096 fullpage += page time.sleep1 regex the sid from...

AI score: 0.3
Exploits: 0