40 matches found
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Vulnerability
Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on: PHP...
Security feature bypass
A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA Agent module could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7,...
CVE-2019-11989
A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA Agent module could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7,...
Apache 2.2 - Scoreboard Invalid Free On Shutdown Vulnerability
Exploit for linux platform in category dos / poc Source: http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/ Introduction Apache 2.2 webservers may use a shared memory segment to share child process status information scoreboard between the child processes and the parent...
Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.32. It is, therefore, affected by the following vulnerabilities : - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve...
Fedora 23 : php-horde-horde-5.2.9-1.fc23 (2016-5d0e7f15ef)
horde 5.2.9 jan SECURITY: Fix XSS vulnerability in menu bar exposed by few applications Bug 14213. jan Add more detailed user DN settings to Kolab group configuration Request 11737. jan Fix returning to last page after problem reporting from AJAX pages Bug 12112. jan Fix custom database...
Fedora 22 : php-horde-horde-5.2.9-1.fc22 (2016-3d1183830b)
horde 5.2.9 jan SECURITY: Fix XSS vulnerability in menu bar exposed by few applications Bug 14213. jan Add more detailed user DN settings to Kolab group configuration Request 11737. jan Fix returning to last page after problem reporting from AJAX pages Bug 12112. jan Fix custom database...
RHEL 6 : mod_proxy_fcgi (RHSA-2015:1855)
An updated modproxyfcgi package that fixes one security issue is now available for Red Hat Ceph Storage 1.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
osCommerce 2.3.4 - SQL Injection & Stored XSS Vulnerabilities
Exploit for php platform in category web applications Title: osCommerce 2.3.4 - SQL Injection & Stored XSS Date: 13.03.15 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2 / PHP 5.3 @ linux Contact: smash at devilteam.pl As disclosed before, you may create new...
Zen Cart 1.5.3 - Multiple Vulnerabilities
Title: Zen Cart 1.5.3 - CSRF & Admin Panel XSS Date: 09.07.14 Vendor: zen-cart.com Tested on: Apache 2.2 at Linux Contact: smashatdevilteam.pl 1 - CSRF - Delete admin GET profile stands for user id. localhost/zen/zen-cart-v1.5.3-07042014/admin123/profiles.php?action=delete&profile=2 - Reset layou...
Apache 2.2.x < 2.2.28 Multiple Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.28. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the 'modheaders' module which allows a remote attacker to inject arbitrary headers. This is done by placing a...
Zen Cart 1.5.3 - CSRF & Admin Panel XSS
Exploit for php platform in category web applications Title: Zen Cart 1.5.3 - CSRF & Admin Panel XSS Date: 09.07.14 Vendor: zen-cart.com Tested on: Apache 2.2 at Linux Contact: smashatdevilteam.pl 1 - CSRF - Delete admin GET profile stands for user id...
BEA WebLogic JSESSIONID Cookie Value Overflow
No description provided by source. $Id: beaweblogicjsessionid.rb 9670 2010-07-03 03:19:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...
Apache 2.2.x < 2.2.27 Multiple Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is a version prior to 2.2.27. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists with the 'moddav' module that is caused when tracking the length of CDATA that has leading white...
Apache 2.2.x < 2.2.25 Multiple Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.25. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences from being written to log files,...
PHP Weby Directory Software 1.2 SQL Injection / CSRF Vulnerabilities
PHP Weby Directory Software version 1.2 suffers from cross site request forgery and remote blind SQL injection vulnerabilities. =========================================== Vulnerable Software: PHP Weby directory software version 1.2 Vendor: http://phpweby.com Download:...
osTicket v1.6 ST (stable) CSRF/BLIND SQL Injection Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Apache 2.2 < 2.2.23 Multiple Vulnerabilities
Binary data 6576.prm...
Apache 2.2.x < 2.2.23 Multiple Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.23. It is, therefore, potentially affected by the following vulnerabilities : - The utility 'apachectl' can receive a zero-length directory name in the LDLIBRARYPATH via the 'envvars' file. A local...
Apache 2.2.x < 2.2.25 Remote Denial of Service Vulnerability
Binary data 801383.prm...