1737 matches found
CVE-2004-2254
SurgeLDAP 1.0g Build 12, and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter...
osCommerce Admin Interface Detection
Binary data 2507.prm...
advisory13.txt
l0om - l0omatexcluded.org - www.excluded.org greets, while i was "warsearching" with google i suddenly have been on the admin interfaces of many oscommerce sites. i made a: allinurl:admin/filemanager.php for normal you can only view your oscommerce directories, but if you type in the following you...
mailman XSS in admin script
Dirk Mueller reports: I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the valid session cookie...
Zeus Web Server 4.x - Admin Interface VS_Diag.cgi Cross-Site Scripting
Zeus Web Server 4.x - Admin Interface VS_Diag.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/7751/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input, ...
iisPROTECT SQL injection in admin interface
Release Date: 23.05.2003 Application: iisPROTECT v/2.2-r4 and probably earlier versions Vendor: iisPROTECT 536, 425 Carrall St. Vancouver, BC, V6B6E3, Canada http://www.iisprotect.com/ Category: SQL injection in admin interface Risk: Medium-High Impact: Arbitrary command execution Vendor Status:...
Zeus Web Server 4.0/4.1 - Admin Interface Cross-Site Scripting
source: https://www.securityfocus.com/bid/6144/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which...
SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting
SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/5928/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. The web-based admin interface is prone to...
CVE-2002-0107
CacheFlow CacheOS 4.0.13 and earlier expose an information disclosure vulnerability in a web administration interface: a sequence of GET requests that do not end with an HTTP/1.0 (or another version) string causes leakage of sensitive data in the error message. Affected product: CacheFlow CacheOS (...
Oracle 9iAS mod_plsql DAD Admin Interface Access
In a default installation of Oracle 9iAS, it is possible to access the mod_plsql DAD Admin interface. Access to these pages should be restricted. %NASLMINLEVEL 70300 This script was written by Matt Moore Script audit and contributions from Carmichael Security Erik Anderson Added link to the Bugtra...
CVE-2001-0854
PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user...
Hole in PHP-NUKE
By modifying the URL, it is possible to access the administration interface without the administrator password. In addition, it is possible to act on behalf of another user...
Tektronix Phaser 740/750/850/930 - Network Printer Administration Interface
Tektronix Phaser 740/750/850/930 - Network Printer Administration Interface source: https://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewal...
Tektronix Phaser 740/750/850/930 - Network Printer Administration Interface
source: https://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewall is in place, any attacker can reach the printer's admin interface,...
Hole in Sun AnswerBook2
Unprivileged users can gain access to the administration interface, as well as execute program code on the server...
CVE-2000-0417
The Cayman gateways (Cayman 3220-H DSL router) are affected by a denial-of-service via entering a long username or password to the HTTP management interface. The root cause is a vulnerability that causes the device to restart, potentially due to a buffer overflow on the stack. Versions prior to 5...
CVE-2024-36550
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompanydeal.php?mudi=add&nohrefStr=close...