1114 matches found
CVE-2014-4802
The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by...
CVE-2014-4802
IBM BPM Saved Search Admin in Process Admin Console (BPM 8.0–8.5.5) suffers an authorization vulnerability: authenticated users can obtain unfiltered result sets from saved searches, potentially exposing tasks and instances that they are not permitted to see. The weakness arises in the Saved Sear...
Novell GroupWise Administration Console Detection
Binary data novellgroupwiseadminconsoledetect.nbin...
hMailServer 5.3.3 IMAP Remote Crash PoC
Exploit Title: hMailServer 5.3.3 IMAP Remote Crash PoC Date: 10/27/2012 Vendor Homepage: http://hmailserver.com Software Link: http://www.hmailserver.com/index.php?page=backgrounddownloadfile&downloadid=207 Version: hMailServer 5.3.3 - Build 1879 Tested on: -...
Glassfish Enterprise Server 2.1 Admin Console /configuration/auditModuleEdit.jsf name Parameter XSS
source: http://www.securityfocus.com/bid/34824/info GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would run in the conte...
Glassfish Enterprise Server 2.1 Admin Console /resourceNode/jdbcResourceEdit.jsf name Parameter XSS
source: http://www.securityfocus.com/bid/34824/info GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would run in the conte...
Glassfish Enterprise Server 2.1 Admin Console /applications/applications.jsf URI XSS
source: http://www.securityfocus.com/bid/34824/info GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would run in the conte...
Netwin SurgeFTP Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
osCommerce 2.2 Arbitrary PHP Code Execution
$Id: oscommercefilemanager.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...
Glassfish Enterprise Server 2.1 Admin Console /webService/webServicesGeneral.jsf URI XSS
source: http://www.securityfocus.com/bid/34824/info GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would run in the conte...
CVE-2014-2609
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116...
Authentication flaw
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116...
CVE-2014-2609
The CVE affects HP Executive Scorecard (v9.40 and v9.41) where the Java Glassfish Admin Console allows unauthenticated remote code execution via a session on TCP port 10001. Root cause: authentication bypass on the Glassfish admin interface leading to arbitrary code execution under SYSTEM. Impact...
CVE-2014-2609
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116...
Hewlett-Packard IT Executive Scorecard Java Glassfish Admin Console Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard IT Executive Scorecard. Authentication is not required to exploit this vulnerability. The specific flaw exists within allowed HTTP access to a Glassfish administrative console on po...
GetSimple CMS 3.3.1 Cross Site Scripting
PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1 CVE-2014-1603 by Pedro Ribeiro from Agile Information Security Timeline: 04/11/2013 - Found bugs, produced proof of concept. 05/11/2013 - Communicated to the developer, which acknowledged receipt. 10/01/2014 - Politely...
Cross-site request forgery (CSRF)
The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request...
CVE-2014-2426
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console...
Buffer overflow
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console...
CVE-2014-2426
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console...