1124 matches found
Zimbra 2009-2013 - Local File Inclusion
Exploit Title: Zimbra 0day exploit / Privilege escalation via LFI Date: 06 Dec 2013 Exploit Author: rubina119 Contact Email : rubina119atgmail.com Vendor Homepage: http://www.zimbra.com/ Version: 2009, 2010, 2011, 2012 and early 2013 versions are affected, Tested on: Centosx, Ubuntu. CVE : No CVE...
Remote Code Execution in Microweber
High-Tech Bridge Security Research Lab discovered a vulnerability in Microweber, which can be exploited to delete arbitrary files and compromise the vulnerable system as a consequence. 1) Improper Access Control in Microweber: CVE-2013-5984. The vulnerability exists due to improper access restriction to...
CVE-2013-3029
Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert...
CVE-2013-2976
CVE-2013-2976 : IBM WebSphere Application Server’s Administrative Console caches data in a way that lets local users obtain sensitive information. Affected versions include WAS 6.1, 7.0, and 8.x (including 8.0/8.5). The issue is a local information-disclosure via caching; no exploit vectors are s...
Netwin SurgeFTP - Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Netwin SurgeFTP...
SurgeFTP Remote Command Execution Vulnerability
This Metasploit module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitrary commands. require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrativ...
NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)
NetWin SurgeFTP - Authenticated Admin Command Injection Metasploit require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer...
Oracle GlassFish Server Administration Console Authentication Bypass (CVE-2011-1511)
An authentication bypass vulnerability has been reported in the administration console of Oracle GlassFish...
CVE-2012-3304
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors...
Cyberoam Admin Console Detection
Cyberoam UTM's web admin console is running on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(61446); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/14"); script_name(english:"Cyberoam Admin Console Detection");...
Openfire Server 3.6.0a - Admin Console Authentication Bypass (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex/zip' class Metasploit3...
CVE-2012-2380
CVE-2012-2380 affects the Apache Roller project, specifically the admin/editor console. The issue is that HTTP POST interfaces in the Roller admin/editor console were not protected against CSRF, allowing remote attackers to hijack admin/editor authentication. Affected versions include Roller 4.0....
Openfire Admin Console Authentication Bypass
This module exploits an authentication bypass vulnerability in the administration console of Openfire servers. By using this vulnerability it is possible to upload/execute a malicious Openfire plugin on the server and execute arbitrary Java code. This module has been tested against Openfire 3.6.0...
at32 Reverse Proxy Detection
The admin console for the at32 Reverse Proxy software was detected on the remote host. at32 Reverse Proxy allows you to host several websites on a single IP or port. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(58602); script_version("1.5"); script_cvs_date("Date:...
IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability
The host is running IBM WebSphere Application Server and is prone to a cross-site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbibmwasadminconsolexssvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability Authors:...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrar...
CVE-2011-1364
Cross-site request forgery (CSRF) vulnerability in ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrar...
CVE-2009-2748
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass
Destination Search Admin Console Access Control Bypass Vendor link: http://www.localmatters.com/ PDF:...
Oracle GlassFish Server Administration Console Authentication Bypass
Oracle GlassFish Server Administration Console Authentication Bypass 1. Advisory Information Title: Oracle GlassFish Server Administration Console Authentication Bypass Advisory ID: CORE-2010-1118 Advisory URL: Date published: 2011-05-11 Date of last update: 2011-05-11 Vendors contacted: Oracle...