CVE-2015-2904
Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface...
PT-2015-3362 · D Link · Dir-815
Name of the Vulnerable Software and Affected Versions: D-Link DIR-815 versions prior to 2.03.B02 Description: The issue is related to insufficient input validation in the remote administration interface, allowing remote attackers to execute arbitrary commands via specially crafted HTTP requests...
CVE-2015-3368
Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a category name...
Barracuda Firmware <= 5.0.0.012 reporting Post Auth Remote Root Exploit
This Metasploit module exploits a remote command execution vulnerability in Barracuda Firmware versions 5.0.0.012 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do...
Barracuda Firmware 5.0.0.012 - (Authenticated) Remote Command Execution (Metasploit)
Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution Metasploit Exploit Title: Barracuda Firmware 'Barracuda Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Firmware Version 'xort', metasploit module , 'Version' = '$Revision: 12345 $',...
[SECURITY] Fedora 21 Update: glpi-0.84.8-4.fc21
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
[SECURITY] Fedora 20 Update: glpi-0.84.8-4.fc20
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
Phabricator: SSRF vulnerability (access to metadata server on EC2 and OpenStack)
In bug 50537, haquaman reported a SSRF vulnerability in the meme creation section of Phabricator. Ticket T6755 was created and the HackerOne issue was closed as "Won't fix". T6755 states that "attackers can use the machine's ability to access the network, which may allow them to find services and...
ManageEngine NetFlow Analyzer Default Credentials
The remote ManageEngine NetFlow Analyzer web administration interface uses a known set of default credentials. An attacker can use these to gain access to the system.
Fortinet FortiWeb CSRF Vulnerability (FG-IR-14-013)
Fortinet FortiWeb is prone to multiple cross-site request forgery (CSRF) vulnerabilities.
[SECURITY] Fedora 21 Update: glpi-0.84.8-3.fc21
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
[SECURITY] Fedora 20 Update: glpi-0.84.8-3.fc20
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
ManageEngine EventLog Analyzer Default Credentials
The remote ManageEngine EventLog Analyzer web administration interface uses a known set of default credentials.
Zeus Web Server 4.x Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7751/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input, it is possible for an attacker to...
G.CMS Generator SQL Injection Vulnerability
No description provided by source. I'm Sid3^effects member from Inj3ct0r Team Name : Gcms generator SQLi Vulnerability Date : june, 21 2010 Critical Level : HIGH Vendor Url : http://www.laubrotel.com/gcms/demo/...
IP3 Networks IP3 NetAccess Appliance SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9858/info The IP3 NetAccess Appliance is reported prone to a remote SQL-injection vulnerability. This issue is due to the application's failure to properly sanitize user input. This issue may allow an attacker to gain ful...
Sambar 5.x Open Proxy and Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10256/info Sambar improperly validates the IP address of an originating connection and can be used to gain access to the administration interface without authorization. Once the remote attacker has gained access to the...
Zeus Web Server 4.0/4.1 Admin Interface Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6144/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input it is possible for an attacker to...
Sun AnswerBook2 1.4.2/1.4.3/1.4.4 Administration Interface Access
No description provided by source. source: http://www.securityfocus.com/bid/1554/info A lack of authentication checks for certain scripts within the administration interface of AnswerBook2 versions 1.4.2 and prior, for Solaris, allows remote users to create administration accounts. By directly...
Commentics 2.0 - Multiple Vulnerabilities
No description provided by source. Commentics 2.0 = Multiple Vulnerabilities Discovered by: Jean Pascal Pereira [email protected] Vendor information: Commentics is a free, advanced PHP comment script with many features. Professionally written and with open source code, its main aims are to be...