57 matches found
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...
LogicalDOC Enterprise 7.7.4 - User Enumeration Vulnerability
Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document...
Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 build 7072.0 build...
NetGain Enterprise Manager 7.2.562 Command Execution
Exploit Title: NetGain Enterprise Manager a aPinga Command Injection Date: 23.02.2017 Exploit Author: MrChaZ Vendor Homepage: http://www.netgain-systems.com/ Version: = v7.2.562 build 853 Tested on: Windows 10 Pro 64-bit 10,0 Build 14393 Description:...
Sakai 10.7 - Multiple Vulnerabilities
Exploit for java platform in category web applications Sakai 10.7 Multiple Vulnerabilities Vendor: Apereo Foundation Product web page: https://www.sakaiproject.org Affected version: 10.7 Kernel 10.7 Summary: Sakai is a free, community source, educational software platform designed to support...
XpoLog Center 6 - Remote Command Execution / Cross-Site Request Forgery
Exploit for jsp platform in category web applications XpoLog Center V6 CSRF Remote Command Execution Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management Platform. Desc:...
XpoLog Center 6 - Remote Command Execution / Cross-Site Request Forgery
XpoLog Center V6 CSRF Remote Command Execution Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management Platform. Desc: XpoLog suffers from arbitrary command execution. Attackers...
XpoLog Center 6 XSS / CSRF / Open Redirect
XpoLog Center V6 Multiple Remote Vulnerabilities Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management Platform. Desc: XpoLog suffers from multiple vulnerabilities including...
XpoLog Center 6 Cross Site Request Forgery
XpoLog Center V6 CSRF Remote Command Execution Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management Platform. Desc: XpoLog suffers from arbitrary command execution. Attackers...
OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability
Summary OpenWGA is an advanced open source java based enterprise CMS platform featuring real WYSIWYG, a state of the art CMS IDE and more. Description OpenWGA suffers from a cross-site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being...
Hippo CMS 10.1 XML External Entity Information Disclosure
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing...
Manage Engine Application Manager 12.5 - Arbitrary Command Execution
!C:/Python27/python.exe -u Applications Manager 12.5 Arbitrary Command Execution Exploit Vendor: Zoho Corporation Pvt. Ltd. Product web page: https://www.manageengine.com Affected version: 12.5 Summary: ManageEngine Applications Manager is an application performance monitoring solution that...
Manage Engine Applications Manager 12 Multiple Vulnerabilities
Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...
Applications Manager 12.5 Arbitrary Command Execution Exploit
Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...
SonicWALL GMS 6 Arbitrary File Upload
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Oracle Demantra 12.2.1 - Arbitrary File Disclosure
Oracle Demantra 12.2.1 - Arbitrary File Disclosure Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet...
ManageEngine EventLog Analyzer "j_username"跨站脚本漏洞
ManageEngine EventLog Analyzer是安全信息和事件管理软件。 ManageEngine EventLog Analyzer 8.6及其他版本没有正确过滤event/jsecuritycheck 当设置了"jpassword"后的"jusername" GET参数,这可导致在受影响站点用户浏览器会话中执行任意HTML和脚本代码。 0 ManageEngine EventLog Analyzer 8.6 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
HP SiteScope 'issueSiebelCmd' SOAP请求远程代码执行漏洞
BUGTRAQ ID: 63478 CVECAN ID: CVE-2013-4835 HP SiteScope是无代理监控软件,可维护其分布式IT基础架构的可用性和性能。 HP SiteScope 11.22之前版本在处理"issueSiebelCmd" SOAP请求的实现上存在安全漏洞,成功利用后可导致执行任意代码。 0 HP SiteScope 11.22 厂商补丁: HP -- HP已经为此发布了一个安全公告(HPSBMU02933)以及相应补丁: HPSBMU02933:HP SiteScope, issueSiebelCmd SOAP Request, Remote Code...
AlgoSec Firewall Analyzer 6.4 Cross Site Scripting
================================================================================================================================================================ AlgoSec Firewall Analyzer Version v6.4 cross-site scripting XSS Vulnerability...