
462 matches found

Tenable Nessus
added 2011/08/04 12:0 a.m., 208 views

CGI Generic Script Injection (quick test)

The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to inject malicious code in an existing 'script' block and cause arbitrary script code to be executed in a user's browser within the security...

AI score: 5.8
Exploits: 0, References: 3

Tenable Nessus
added 2011/08/03 12:0 a.m., 367 views

CGI Generic XSS (extended patterns)

The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected...

AI score: 5.8
Exploits: 0, References: 3

Packet Storm
added 2011/06/03 12:0 a.m., 28 views

IP Power 9258+ Authentication Bypass

Teach, Learn, Party. irc.efnet.net unallocatedspace. --=+Multiple Remote Exploits in IP Power 9258+=-- by Crypt0s. IP Power is a...

AI score: 0.6
Exploits: 0

0day.today
added 2011/06/03 12:0 a.m., 17 views

IP Power 9258+ Authentication Bypass

Exploit for windows platform in category remote exploits. Teach, Learn, Party. irc.efnet.net unallocatedspace. --=+Multiple Remote...

AI score: 7.1
Exploits: 0

Fedora
added 2011/04/23 8:49 p.m., 33 views

[SECURITY] Fedora 13 Update: perl-5.10.1-123.fc13

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS: 8.5, AI score: 0.4, EPSS: 0.04483
Exploits: 4

Packet Storm
added 2011/03/16 12:0 a.m., 77 views

Nostromo 1.9.3 Directory Traversal

Advisory: nostromo nhttpd directory traversal leading to arbitrary command execution During a penetration test, RedTeam Pentesting discovered a directory traversal vulnerability leading to arbitrary command execution in the nostromo HTTP server. Details ======= Product: nostromo nhttpd Affected...

CVSS: 7.5, AI score: 0.2, EPSS: 0.06922
Exploits: 4

Tenable Nessus
added 2011/02/14 12:0 a.m., 365 views

CGI Generic XSS (Parameters Names)

The remote web server hosts CGI scripts that fail to adequately sanitize parameter names of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site...

AI score: 5.7
Exploits: 0, References: 3

Tenable Nessus
added 2011/01/14 12:0 a.m., 40 views

CGI Generic XSS (persistent, 2nd pass)

The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings containing malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the...

AI score: 5.7
Exploits: 0, References: 2

Prion
added 2011/01/13 7:0 p.m., 15 views

Command injection

The CGI scripts in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability."...

CVSS: 10, AI score: 8.3, EPSS: 0.12545
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2011/01/13 6:35 p.m., 18 views

CVE-2011-0271

The CGI scripts in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability."...

AI score: 7.8, EPSS: 0.12545
Exploits: 0, References: 6

securityvulns
added 2011/01/13 12:0 a.m., 66 views

iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability

iDefense Security Advisory 01.10.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 10, 2011 I. BACKGROUND HP Network Node Manager Command Injection Vulnerability HP Network Node Manager NNM is an application suite that is used to map out and manage network topography. NNM runs on a...

CVSS: 10, AI score: 0.4, EPSS: 0.12545
Exploits: 0

securityvulns
added 2011/01/13 12:0 a.m., 40 views

HP OpenView Network Node Manager code execution

Unfiltered shell characters in CGI scripts allow code execution...

CVSS: 10, AI score: 3.2, EPSS: 0.78987
Exploits: 24, References: 2, Affected Software: 1

Exploit DB
added 2010/12/23 12:0 a.m., 28 views

D-Link WBR-1310 - Authentication Bypass

Exploit Title: D-Link WBR-1310 Authentication Bypass Vulnerability Shodan Dork: Embedded HTTP Server 2.00 Date: 22-Dec-2010 Author: Craig Heffner, /dev/ttyS0 Software Link: http://www.dlink.com/products/?pid=474 Version: 2.00 Tested on: WBR-1301, firmware version 2.00 The CGI scripts in the D-Lin...

AI score: 7
Exploits: 0

exploitpack
added 2010/12/23 12:0 a.m., 11 views

D-Link WBR-1310 - Authentication Bypass

D-Link WBR-1310 - Authentication Bypass Exploit Title: D-Link WBR-1310 Authentication Bypass Vulnerability Shodan Dork: Embedded HTTP Server 2.00 Date: 22-Dec-2010 Author: Craig Heffner, /dev/ttyS0 Software Link: http://www.dlink.com/products/?pid=474 Version: 2.00 Tested on: WBR-1301, firmware...

AI score: 0.4
Exploits: 0

Tenable Nessus
added 2010/07/26 12:0 a.m., 88 views

CGI Generic On Site Request Forgery (OSRF)

The remote web server hosts CGI scripts that fail to adequately sanitize request strings with special characters like dots, slashes, backslashes, equal signs, question marks, etc. By leveraging this issue, an attacker may be able to cause arbitrary GET requests to be executed by a user when he...

AI score: 5.8
Exploits: 0, References: 3

Tenable Nessus
added 2010/04/30 12:0 a.m., 137 views

CGI Generic XSS (HTTP Headers)

The remote web server hosts CGI scripts that fail to adequately sanitize HTTP headers of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. Note that...

AI score: 5.4
Exploits: 0, References: 3

Tenable Nessus
added 2010/04/30 12:0 a.m., 162 views

CGI Generic XML Injection

By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access a SOAP back-end. An attacker may be able to...

AI score: 5.7
Exploits: 0, References: 1

Fedora
added 2010/03/30 2:27 a.m., 14 views

[SECURITY] Fedora 11 Update: php-5.2.13-1.fc11

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

AI score: 0.6
Exploits: 0

Tenable Nessus
added 2010/02/24 12:0 a.m., 35 views

Debian DSA-1883-1 : nagios2 - missing input sanitising

Several vulnerabilities have been found in nagios2, a host/service/network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems : Several cross-site scripting issues via several parameters were discovered in the CGI scripts, allowing...

CVSS: 4.3, AI score: 7.8, EPSS: 0.0048
Exploits: 1, References: 10

Tenable Nessus
added 2010/02/19 12:0 a.m., 976 views

CGI Generic Command Execution (time-based)

The remote web server hosts CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host. Note that this script uses a time-based detection method which is less reliable than the basic method...

AI score: 6.1
Exploits: 0, References: 2