PmWiki 2.2.34 Remote PHP Code Injection Exploit

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'PmWiki %q This...

PreProjects Pre Studio Business Cards Designer 'page.php' SQL Injection Vulnerability

Pre Studio Business Cards Designer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user- supplied input before using it in an SQL query. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...

EasySiteEdit 'sublink.php' Remote File Include Vulnerability

EasySiteEdit is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. OpenVAS Vulnerability Test $Id:...

Apache Plans Range Header Bug Fix in Next Day

The Apache Software Foundation plans to have a fix available in the next day or so for the denial-of-service problem in Apache that was publicized late last week. The bug, which in some forms has been under discussion for more than four years, involves the way that the Web server handles certain...

Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Remote Overflow

Sunway Force Control SCADA 6.1 SP3 - httpsrv.exe Remote Overflow Sunway Force Control SCADA httpsvr.exe Exploit Exploitable with simple SEH Overwrite technique Tested on XP SP0 English Probably will work on XP SP3 if you find none-safeseh dll for p/p/r pointer Canberk BOLAT | @cnbrkbolat...

Oracle PeopleSoft Enterprise远程FSCM漏洞(CVE-2011-2272)

BUGTRAQ ID: 48777 CVE ID: CVE-2011-2272 PeopleSoft企业软件集成多个商务功能，包括人事、客户关系、供求关系、财务等管理。PeopleSoft PeopleTools网关管理Servlet存在信息泄露问题， PeopleSoft的Enterprise PeopleTools在HRMS的实现上存在安全漏洞，远程攻击者可通过'HTTPs'协议利用此漏洞影响eProcurement子组件，非法更新、插入、删除PeopleSoft Enterprise FSCM中的可访问数据，非法读取其子集数据。 Oracle PeopleSoft Enterpri...

Fedora Update for pywebdav FEDORA-2011-2470

Check for the Version of pywebdav OpenVAS Vulnerability Test Fedora Update for pywebdav FEDORA-2011-2470 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Majordomo2 - Directory Traversal (SMTP/HTTP)

Exploit for multiple platform in category remote exploits Credit: Michael Brooks https://sitewat.ch Vulnerability: Directory Traversal Software: Majordomo2 Identifier:CVE-2011-0049 Vendor: http://www.mj2.org/ Affected Build: 20110121 and prior Google dork:inurl:mjwwwusr Special thanks to Dave...

Tomcat remote denial of service vulnerability analysis(CVE-2 0 1 0-2 2 2 7)-vulnerability warning-the black bar safety net

The present article is an analysis of the POC process, the pressure of the N months, and now before the issue. Using the analysis of POC, Tomcat in addition to the latest versionsee the specific website, and JBOSS in addition to the latest version, can fight, POC see the article. JBOSS official h...

NetSupport Manager Gateway transmits identifying information in plaintext

Overview The NetSupport HTTP protocol implementation used for communication between the NetSupport Manager Gateway and NetSupport Manager Controls or NetSupport Manager Clients is not encrypting http headers sent between systems. Description The NetSupport HTTP protocol implementation used for...

Oracle Fusion Middleware 10.1.210.1.3 - BPEL Console Cross-Site Scripting

Oracle Fusion Middleware 10.1.210.1.3 - BPEL Console Cross-Site Scripting source: https://www.securityfocus.com/bid/43954/info Oracle Fusion Middleware is prone to a cross-site scripting vulnerability in BPEL Console. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to...

Motorito Cross Site Scripting / SQL Injection

============================================= INTERNET SECURITY AUDITORS ALERT 2010-005 - Original release date: March 30th, 2010 - Last revised: September 23th, 2010 - Discovered by: Mario Diaz Caldera - Severity: 5.5/10 CVSS Base Score ============================================= I...

Fedora Update for sblim-sfcb FEDORA-2010-10323

Check for the Version of sblim-sfcb OpenVAS Vulnerability Test Fedora Update for sblim-sfcb FEDORA-2010-10323 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

RedHat Update for lftp RHSA-2010:0585-01

Check for the Version of lftp OpenVAS Vulnerability Test RedHat Update for lftp RHSA-2010:0585-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

File Sharing Wizard 'HEAD' Command Remote Buffer Overflow Vulnerability

File Sharing Wizard is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Oracle WebLogic Server Encoded URL Remote Vulnerability

Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges. This vulnerability affects the following supported versions: 7. SP7,...

Oracle WebLogic Server 10.3.3 - Encoded URL

source: https://www.securityfocus.com/bid/41620/info Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges. This vulnerabili...

Oracle WebLogic Server 10.3.3 - Encoded URL

Oracle WebLogic Server 10.3.3 - Encoded URL source: https://www.securityfocus.com/bid/41620/info Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and I...

Microsoft IIS 5.0 - IDQ Path Overflow (MS01-033) (Metasploit)

$Id: ms01033idq.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Wing FTP Server Information Disclosure Vulnerabilities

No description provided by source. Some vulnerabilities have been reported in Wing FTP Server, which can be exploited by malicious users and malicious people to disclose potentially sensitive information. 1 Input passed to the Web Client is not properly sanitised before being used. This can be...