3627 matches found
MOJOs IWms 7 - SQL Injection Cross-Site Scripting
MOJOs IWms 7 - SQL Injection Cross-Site Scripting Exploit Title: MOJO's IWMS | www.DigitalWhisper.co.il Software Link: http://www.mojo.co.il Version: YourXSSHere SQL Injection A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the...
JDownloader Code Execution
Product JDownloader1 is an open source download manager for One-Click-Filehoster like Rapidshare or Megaupload. The Click'n'Load2 interface allows external applications and websites to send URLs to the local running JDownloader. With Click'n'Loa...
Sterlite SAM300 AX Router - 'Stat_Radio' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39928/info The Sterlite SAM300 AX Router is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspectin...
Cisco Secure Desktop Remote Cross-Site Scripting Vulnerability
Cisco Secure Desktop contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to a lack of input sanitation in the Cisco Secure Desktop. An unauthenticated, remote attacker could exploit this vulnerability by...
HP Power Manager formExportDataLogs buffer overflow
Added: 01/22/2010 CVE: CVE-2009-3999 BID: 37867 OSVDB: 61848 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in HP Power Manager allows remote attackers to execute...
Multiple Directory Traversal Vulnerabilities in Testlink TestManagement
Exploit for unknown platform in category web applications. Multiple Directory Traversal Vulnerabilities in Testlink TestManagement and Execution System...
HP OpenView Network Node Manager OvWebHelp.exe Buffer Overflow (CVE-2009-4178)
The Network Node Manager (NNM) is an HP OpenView product which manages networks. It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. A buffer overflow vulnerability exists in HP OpenView Network Node Manag...
Microsoft IIS Filename Extension Parsing Security Bypass (CVE-2009-4444)
A security bypass vulnerability has been discovered in Microsoft Internet Information Services (IIS). The vulnerability is due to an error in the IIS service that incorrectly parses filenames that contain a semicolon character when determining the MIME type based on the filename extension. An...
Cacti 0.8.7e Cross Site Scripting
Cacti 0.8.7e and earlier versions are affected by multiple security issues. Issues 1-4 are cross site scripting issues, issue 5 is a privilege escalation issue. 1. XSS 1 A HTTP GET request against the following URL will, on a web browser with...
Novell iManager Tomcat HTTP POST Request Handling Denial of Service (CVE-2006-4517)
Novell iManager is a web-based administration console that provides management of many other Novell products. During installation, if the Windows Web Publishing Services (IIS) is not available, the installation program will install the Apache HTTP server. The iManager service itself is a Java web...
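WordPress Trackback Script Denial of Service Vulnerability
CVE ID: CVE-2009-3622 WordPress is a free forum and blog system. The wp-trackback.php script in WordPress allows users to submit multiple source character encodings to the mb_convert_encoding function. If a remote attacker includes in the submitted HTTP request an overly long title parameter and a charset parameter made up of multiple comma-separated UTF-8 substrings, a large amount of CPU resources can be consumed. WordPress 2.8.5 Vendor patch: WordPress. The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...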
Check Point Connectra Script Injection
Check Point Connectra R62 Login Script Injection Vulnerability scip AG Vulnerability ID 4020 09/04/2009 http://www.scip.ch/?vuldb.4020 I. INTRODUCTION Check Point Connectra is a so-called SSL-VPN solution, which allows users to access a remote system using a regular web browser. More information ...
PHP web alert: \0 filtering vulnerability in a variety of PHP applications
Vulnerability description: When a PHP program is given a specified PATH, appending %00 after the file name in the PATH makes it possible to upload any file. Test procedure: NEATPIC PHP directory direct-reading version 1.2.3 Participants in this document: Vulnerability experiment: Xiaolu, Lilo, SuperHei, Darkness All B...
Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service
Security Advisory. Vulnerable Software: Artofdefence Hyperguard Web Application Firewall Vulnerable Version: 3 branches: prior to 3.1.1-11637; prior to 3.0.3-11636; prior to 2.5.5-11635 Apache Plug-in Homepage: http://www.artofdefence.com/ Found by: Michael...
Design/Logic Flaw
The administrative web interface on the Netgear DG632 with firmware 3.4.0ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg...
CVE-2009-2256
The administrative web interface on the Netgear DG632 with firmware 3.4.0ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg...
Netgear DG632 Router Remote DoS Vulnerability
Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: [email protected] Original URL: http://www.tomneaves.co.uk/NetgearDG632RemoteDoS.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG632 router h...
Netgear DG632 Denial Of Service
Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: [email protected] Original URL: http://www.tomneaves.co.uk/NetgearDG632RemoteDoS.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG632 router has a web interface...
Netgear DG632 Router Remote Denial of Service Vulnerability
Exploit for hardware platform in category dos / poc. Netgear DG632 Router Remote Denial of Service Vulnerability. Product Name: Netgear DG632 Router Vendor: http://www.netgear.com...