1733 matches found

exploitpack
added 2009/05/22 12:0 a.m., 17 views

Mole Group Restaurant Directory Script 3.0 - Change Admin Password

Mole Group Restaurant Directory Script 3.0 - Change Admin Password. IN THE NAME OF...

AI score 0.3
Exploits 0
securityvulns
added 2009/04/28 12:0 a.m., 54 views

Multiple vulnerabilities in Webglimpse

Hello 3APA3A! I am reporting multiple vulnerabilities that I found in Webglimpse. They are Full path disclosure, Cross-Site Scripting, Directory Traversal and Authorization bypass vulnerabilities. The vulnerabilities are in the Webglimpse admin panel, which can be reached through a guest account or by capturing the admin's cookie...

AI score 7.2
Exploits 0
Cvelist
added 2009/04/03 6:0 p.m., 21 views

CVE-2008-6596

SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

AI score 8.1 | EPSS 0.00682
Exploits 1 | References 3
Cvelist
added 2009/03/25 3:0 p.m., 15 views

CVE-2009-1077

The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the...

AI score 6.3 | EPSS 0.01929
Exploits 1 | References 10
Cvelist
added 2009/02/16 5:0 p.m., 20 views

CVE-2009-0597

SQL injection vulnerability in admin/index.php in w3bcms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action...

AI score 8.3 | EPSS 0.00297
Exploits 1 | References 5
Metasploit
added 2009/01/11 2:38 p.m., 17 views

FileZilla FTP Server Admin Interface Denial of Service

This module triggers a Denial of Service condition in the FileZilla FTP Server Administration Interface in versions 0.9.4d and earlier. By sending a procession of excessively long USER commands to the FTP Server, the Administration Interface (FileZilla Server Interface.exe), when running, will...

CVSS 7.8 | AI score 7 | EPSS 0.67665
Exploits 2
xssed
added 2008/12/13 12:0 a.m., 10 views

Unfixed XSS vulnerability at vhost.oddcast.com

Security researcher UzmiX has submitted on 13/12/2008 a cross-site-scripting (XSS) vulnerability affecting vhost.oddcast.com, which at the time of submission ranked 19418 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/07/2009. It is currentl...

Exploits 0 | References 1
0day.today
added 2008/12/11 12:0 a.m., 14 views

eZ Publish 3.9.0/3.9.5/3.10.1 Command Execution Exploit (admin req)

Exploit for unknown platform in category web applications. eZ Publish 3.9.0/3.9.5/3.10.1 Command Execution Exploit (admin req). eZ Publish OS Commanding executing...

AI score 7.1
Exploits 0
seebug.org
added 2008/12/11 12:0 a.m., 14 views

eZ Publish 3.9.0/3.9.5/3.10.1 Command Execution Exploit (admin req)

No description provided by source. / eZ Publish OS Commanding executing exploit by s4avrd0w [email protected] Versions affected 3.x tested on version 3.9.0, 3.9.5, 3.10.1 usage: ./eZPublishabuseoffunctionalityzeroday -u=username -p=password -s=EZPublishserver The options are required: -u Login of t...

AI score 7.1
Exploits 0
Packet Storm
added 2008/11/14 12:0 a.m., 15 views

netgear-dos.txt

Not sure how to rate this, but at the same time, I really don't give a shit. One of those days... You can crash the admin interface by sending a malformed URL to the web interface of this wireless router. No recovery, a reboot fixes the issue. Wouldn't even really call it a "malformed URL" either...

AI score 7.4
Exploits 0
exploitpack
added 2008/11/09 12:0 a.m., 18 views

Openfire Server 3.6.0a - Authentication Bypass SQL Injection Cross-Site Scripting

Advisory: Openfire Server Multiple Vulnerabilities. Advisory ID: AKADV2008-001. Release Date: 2008/11/07. Revision: 1.0. Last Modified: 2008/11/07. Date Reported: 2008/05/17. Author: Andreas Kurtz (mail at andreas-kurtz.de)...

AI score 1
Exploits 0
Tenable Nessus
added 2008/11/09 12:0 a.m., 67 views

Openfire AuthCheck Authentication Bypass

The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. The installed version of this software contains a design error in its admin interface in that it allows URLs starting with certain strings, such as 'setup/setup-', to circumvent its auth chec...

CVSS 7.5 | AI score 6 | EPSS 0.77258
Exploits 5 | References 6
0day.today
added 2008/11/09 12:0 a.m., 15 views

Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerability

Exploit for unknown platform in category web applications. Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities. Advisory: Openfire Serv...

AI score 7.1
Exploits 0
seebug.org
added 2008/10/15 12:0 a.m., 36 views

Telecom Italia Alice Pirelli routers Backdoor from internal LAN/WAN

No description provided by source. saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network LAN on Alice ADSL CPE Modem/Router, manufactured by Pirelli based on Broadcom platform. saxdax & drpepperONE...

AI score 7.1
Exploits 0
Exploit DB
added 2008/10/14 12:0 a.m., 54 views

Telecom Italia Alice Pirelli routers - Backdoor from internal LAN/WAN

saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network LAN on Alice ADSL CPE Modem/Router, manufactured by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...

AI score 7.4
Exploits 0
Packet Storm
added 2008/08/16 12:0 a.m., 29 views

mailscan-multi.txt

MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface. Affected Products. Product/Company Information. Vulnerabilities. Directory Traversal: It is possible to access files on the system outside of the webroot...

AI score 7.4
Exploits 0
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m., 1 views

Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication

Overview The web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE disables authentication in the default configuration. The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN...

CVSS 7.5 | AI score 7
Exploits 0 | References 3
NVD
added 2008/05/13 10:20 p.m., 7 views

CVE-2008-2176

Cross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter...

CVSS 4.3 | AI score 5.7 | EPSS 0.00329
Exploits 0 | References 5
Prion
added 2008/02/20 9:44 p.m., 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page...

CVSS 4.3 | AI score 6.1 | EPSS 0.14382
Exploits 1 | References 8 | Affected Software 2
Prion
added 2008/02/14 12:0 p.m., 19 views

Sql injection

SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.13a and 6.0/6.1 before 6.11a allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages...

CVSS 6.5 | AI score 8.5 | EPSS 0.00379
Exploits 2 | References 6 | Affected Software 2