130 matches found
ICUII 7.0 - Local Password Disclosure
ICUII 7.0 Local Password Disclosure Exploit by Kozan. Application: ICUII 7.0 and probably prior versions. Producer: Cybration - www.icuii.com. Vulnerable Description: ICUII 7.0 discloses passwords to local users. Discovered & Coded by Kozan. Credits to ATmaCA...
BEA WebLogic Server 8.1 / WebLogic Express Administration Console - Cross-Site Scripting
source: https://www.securityfocus.com/bid/13400/info A remote cross-site scripting vulnerability affects BEA WebLogic Server and WebLogic Express administration console. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically...
MetaCart2 - 'SearchAction.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/13393/info MetaCart2 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. An attacker may exploit these issues to manipulate SQL...
BitComet 0.57 Local Proxy Password Disclosure Exploit
Exploit for unknown platform in category local exploits. BitComet 0.57 Local Proxy Password Disclosure Exploit by Kozan. Application:...
Zoom Media Gallery 2.1.2 - index.php SQL Injection
source: https://www.securityfocus.com/bid/13094/info zOOm Media Gallery is reportedly affected by a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in ...
Mesh Viewer 0.2.2 - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/12025/info It is reported that Mesh Viewer is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it into a fixed-size memory buffer. This...
Verylost LostBook 1.1 - Message Entry HTML Injection
source: https://www.securityfocus.com/bid/10825/info Reportedly Verylost lostBook is affected by an HTML injection vulnerability in its message entry functionality. This issue is due to a failure of the application to properly validate and...
YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/9873/info It has been reported that YaBB and YaBB SE are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the applications to properly validate URI-supplied user input. Attackers may exploit this vulnerability t...
TalentSoft Web+ ClientMonitorserver 4.6 - Internal IP Address Disclosure
source: https://www.securityfocus.com/bid/1720/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. A vulnerability exists in one of the CGI applications implemented by Web+...
MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution
The version of MiniVend running on the remote host has an arbitrary command execution vulnerability. Input to the 'mvarg' parameter of viewpage.html is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands on the system.