9788 matches found
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Design/Logic Flaw
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) processsearch or (2)...
Design/Logic Flaw
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and...
CVE-2007-3417
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) processsearch or (2)...
Design/Logic Flaw
The displaypost function in cgi-bin/cgi-lib/forumdisplay.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users...
CVE-2007-3419
The CVE-2007-3419 entry concerns the editprofile3 function in cgi-bin/cgi-lib/user.pl of WebAPP (web-app.org) prior to version 0.9.9.7. The issue involves improper validation of seven data files (themes.dat, languages.dat, profession.dat, gen.dat, marstat.dat, states.dat, ages.dat) when saving me...
myserver-xss.txt
MyServer-0.8.9 - XSS in sample CGI page. Site: http://www.myserverproject.net/ PoC: http://localhost/cgi-bin/post.mscgi Post:alert'xss'; Found by Shay Priel aka Prili...
Packeteer Web Management Interface Version Detection
Nessus was able to determine the software version of the Packeteer web management interface running on the remote host. nnposter GPL Changes by Tenable: - Revised plugin title (3/30/2009) include("compat.inc"); if (description) { script_id(25569); script_version("1.9"); script_name(english:"Packeteer Web...
Packeteer Web Management Interface Detection
The remote web server is a Packeteer web management interface. nnposter GPL include("compat.inc"); if (description) { script_id(25568); script_version("1.10"); name["english"] = "Packeteer Web Management Interface Detection"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The...
Packeteer Web Management Interface Authentication
Nessus was able to log onto the remote Packeteer web management interface with the given credentials and has stored the authentication cookie in the KB for use with other plugins. #%NASL_MIN_LEVEL 70300 nnposter GPL Changes by Tenable: - Revised plugin title (3/30/2009) if (!defined_func("MD5")) exit(0);...
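MyServer File Name Parsing Error Information Disclosure Vulnerability
MyServer is an HTTP server program. MyServer has a flaw in how it parses file names, which remote attackers can exploit to obtain sensitive information. Using an uppercase "I" at the end of a submitted script URI request can cause the script's source code to be disclosed. myServer 0.8.9 No detailed solution is currently available: http://www.myserverproject.net/ http://www.example.com/cgi-bin/post.mscgI...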
Cross site scripting
Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...