1733 matches found
CVE-2006-3830
The CVE-2006-3830 issue affects Kailash Nadh’s boastMachine (formerly bMachine) up to version 3.1. Remote authenticated administrators can upload files with arbitrary extensions to the bmc/Inc/Lang directory. The uploaded files are not served over HTTP, so exploitation hinges on a local usage pat...
CVE-2006-3830
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...
CVE-2006-3826
Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) userlogin, (2) fullname, and (3) URL parameters in register.php; and allow remote authenticated administrators to...
Rendezvous < 7.5.1 HTTP Admin Interface Remote Overflow
The remote host appears to be running Rendezvous, a commercial messaging software product used for building distributed applications. According to its banner, several of the components in the version of Rendezvous installed on the remote host contain a buffer overflow vulnerability in the HTTP...
Symantec Sygate Management Server - 'LOGIN' SQL Injection (Metasploit)
This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework (dual GPLv2 and Artistic). The latest version of the...
CVE-2005-4856
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1)...
Oracle 9iAS DAD Admin interface
In a default installation of Oracle 9iAS, it is possible to access the mod_plsql DAD Admin interface. Access to these pages should be restricted. OpenVAS Vulnerability Test $Id: oracle9idadadmin.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS DAD Admin interface Authors: Matt Moor...
Oracle 9i Application Server DAD Admin Interface Accessible - Active Check
In a default installation of Oracle 9i Application Server (AS), it is possible to access the mod_plsql DAD Admin interface. Access to these pages should be restricted. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by...
[Full-disclosure] Vulnerability in AL-Caricatier, V.2.5 And Prior Versions
Vulnerability in AL-Caricatier, V.2.5 Hello... I found a vulnerability in a program called AL-Caricatier. It's an Arabic program, site: http://www.php-ar.com Vulnerability: Login Bypass GoogleDork: inurl:viewcaricatier. php Vulnerability in an included file called ss.php which resides in the admin...
CVE-2005-3269
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Serv...
CVE-2005-2584
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access...
CVE-2004-2254
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, contains an authentication bypass vulnerability in the administration interface. The issue allows remote attackers to bypass login by sending a direct request to admin.cgi with a modified utoken parameter. The affected product/version informat...
CVE-2004-2254
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter...
CVE-2004-1899
The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes...
Video Cam Server 1.0 - Administrative Interface Authentication Bypass
source: https://www.securityfocus.com/bid/13459/info Video Cam Server is prone to an authentication bypass vulnerability. This vulnerability exists because Video Cam Server fails to control access to the administrative interfac...
osCommerce Admin Interface Detection
Binary data 2507.prm...
advisory13.txt
l0om - l0omatexcluded.org - www.excluded.org greets, while I was "warsearching" with google I suddenly have been on the admin interfaces of many oscommerce sites. I made a: allinurl:admin/filemanager.php for normal you can only view your oscommerce directories, but if you type in the following you...
mailman XSS in admin script
Dirk Mueller reports: I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the valid session cookie...