622 matches found
Cgiemail 1.6 - Source Code Disclosure
Cgiemail 1.6 - Source Code Disclosure !/usr/bin/env perl Exploit Title: cgiemail local file inclusion Vendor Homepage: http://web.mit.edu/wwwdev/cgiemail/webmaster.html Software Link: http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar.gz Version: 1.6 and older Date: 2016-09-27 cgiecho a script...
Visonic PowerLink2 Vulnerabilities
OVERVIEW Independent researcher Aditya K. Sood has identified cross-site scripting and source code disclosure vulnerabilities in Visonic’s PowerLink2 module. Visonic has produced an updated version to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED...
BFAC - Backup File Artifacts Checker
An automated tool that checks for backup artifacts that may discloses the web-application's source code. \ \ \ | | /| || / | / / | | || | | | | || | | \ \ | | || | | | | || /\ |/ / |/ |/ |/ -:::Backup File Artifacts Checker:::- An automated tool that checks for backup artifacts that may...
Informatica: [oneclickdrsfdc-test.informatica.com] Tomcat Example Scripts Exposed Unauthenticated
Issue The consultant identified that there is an unauthenticated installation of apache tomcat installed on the affected host. This particular installation has the /examples directory exposed which contains several scripts that execute server side code, these scripts can also be leveraged to carr...
Ubiquiti Inc.: Source code disclosure on https://107.23.69.180
The researcher discovered a misconfigured GitHub repo leaking some sensitive data...
WAP - Web Application Protection
WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP version 4.0 or higher with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection SQLI Cross-site...
VK.com: Уязвимость в Указание мест на фото + фича + хакинг
Для начало прошу прощения за столько много выделенных ТИПОВ ... коротко с помощью уязвимости можно ставить отметку на фото гео лакации любому пользователю Следование этому пожеланию увеличит вероятность получения награды. Сервис, в котором найдена уязвимость. https:/vk.com/alplaces.php...
Websense Triton 7.8.3/7.7 Source Code Disclosure Vulnerability
Websense Triton is prone to a source code disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Websense TRITON 7.8 Source Code Disclosure
The version of Websense TRITON running on the remote web server contains a flaw in handling a JSP script request having an appended double quote character. This causes the source code of the script to be returned instead of it being executed. An unauthenticated, remote attacker can exploit this...
Kadimus - LFI Scan & Exploit Tool
Kadimus is a tool to check sites to lfi vulnerability , and also exploit it Features: Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support...
Source code disclosure of Websense Triton JSP files via double quote character
------------------------------------------------------------------------ Source code disclosure of Websense Triton JSP files via double quote character ------------------------------------------------------------------------ Han Sahin, September 2014...
Websense Triton Source Code Disclosure
------------------------------------------------------------------------ Source code disclosure of Websense Triton JSP files via double quote character ------------------------------------------------------------------------ Han Sahin, September 2014...
openSUSE Security Update : perl-Plack (openSUSE-SU-2014:1639-1)
This perl-Plack update fixes the following security issue : - bnc892328: trailing slashes removed leading to source code disclosure CVE-2014-5269 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
Web Application Protection - Tool to detect and correct vulnerabilities in PHP web applications
WAP 2.0 is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP version 4.0 or higher and with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection SQLI Cross-si...
[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]
Advisory Overview Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software see Additional Information section include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...
Resin Application Server 4.0.36 代码泄露漏洞
No description provided by source...
CVE-2014-2366
CVE-2014-2366 affects Advantech WebAccess prior to 7.2, where upAdminPg.asp can disclose credentials to remote authenticated users by exposing them in the HTML source. Evidence from NVD/NIST and multiple advisories confirms the vulnerable component and the credential disclosure flaw, with a high ...
Netsparker v3.5 - Web Application Security Scanner
Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...
Litespeed Technologies Web Server Remote Poison null byte Exploit
No description provided by source. Litespeed Technologies Web Server Remote Poison null byte Zero-Day discovered and exploited by Kingcope in June 2010 google gives me over 9million hits Example exploit session: %nc 192.168.2.19 80 HEAD / HTTP/1.0 HTTP/1.0 200 OK Date: Sun, 13 Jun 2010 00:10:38 G...
Yamamah (news) SQL Injection and Source Code Disclosure Vulnerability
No description provided by source. Exploit Title: Yamamah Vulnerability news SQL Injection / disclosure Vulnerability Date: 12-06-2010 Author: anT!-Tr0J4n My Home : www.Dev-PoinT.com Software Link:http://www.yamamah.org Version: 1.00 Tested on: Win7/Linux DorK : N / A ========== Exploit By...