Mod_NTLM 0.x Authorization Format String Vulnerability
source: http://www.securityfocus.com/bid/7393/info A format string vulnerability has been reported for the modntlm Apache module. The problem occurs when logging authentication strings passed in HTTP requests. By passing malicious format specifiers in a request,...
Mailtraq 2.2 Browse.ASP Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/7813/info Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server. An attacker can exploit this vulnerability by...
Outlook Web Access 2007 CSRF Vulnerability
Source: http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails Demo: http://www.youtube.com/watch?v=Bx-zfu0uXYg After Nduja Connection worm and the Memova issue, it's now time to shed a light on vulnerabilities affecting corporate webmails. And wh...
WSMP3 0.0.x Remote Information Disclosure Vulnerability
source: http://www.securityfocus.com/bid/7642/info A vulnerability has been reported in WsMp3. The problem occurs due to insufficient sanitization of HTTP GET requests. As a result, an attacker may be capable of accessing the contents of sensitive system...
GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability
source: http://www.securityfocus.com/bid/9239/info A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. An attacker can append...
Whale Communications e-Gap Security Appliance 2.5 Login Page Source Code Disclosure Vulnerability
source: http://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of th...
Gattaca Server 2003 Language Variable Path Exposure
source: http://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error...
Sixnet Sixview 2.4.1 - Web Console Directory Traversal
Exploit Title: Sixnet sixview web console directory traversal Date: 2014-04-21 Exploit Author: daniel svartman Vendor Homepage: www.sixnet.com Software Link: Not available, hardware piece - appliance Version: 2.4.1 Tested on: Sixnet Sixview web console Linux bas...
LifeSize Room Command Injection
require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable...
SquirrelMail 1.2.11 Administrator Plugin options.php Arbitrary Admin Account Creation
source: http://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient sanitization...
Gattaca Server 2003 Null Byte Path Disclosure
source: http://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error...
Savant Webserver 3.1 - Denial of Service Vulnerabilities
source: http://www.securityfocus.com/bid/8243/info Savant web server has been reported prone to multiple denial of service vulnerabilities. Reportedly, a remote attacker may invoke many HTTP requests in succession, against the Savant web server and cause the...
Nokia Electronic Documentation 5.0 Connection Redirection Vulnerability
source: http://www.securityfocus.com/bid/8625/info A vulnerability has been discovered in Nokia Electronic Documentation NED that may allow an attacker to redirect connections to a third party system. The problem likely occurs due to the NED server failing to...
Netbula Anyboard 9.9.5 6 Information Disclosure Vulnerability
source: http://www.securityfocus.com/bid/8490/info A vulnerability has been reported in Netbula Anyboard that may allow a remote attacker to gain access to sensitive data. This problem is due to an information disclosure issue that can be triggered by an attacke...
Netscape Enterprise Server 4.1 HTTP Method Name Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/6792/info It has been reported that iPlanet Web Server and Netscape Enterprise Server are prone to a remotely exploitable buffer overflow condition. This is due to insufficient bounds checking when handling HTTP requests...
Simple Machines Forum <= 1.1.6 (LFI) Code Execution Exploit
!/usr/bin/perl @title: Simple Machines Forum Code Execution @versn: = 1.1.6 @authr: elmysterio a.k.a us @stats: DROPPED!!!!!!! @descp: In loving memory of the rare bone marrow disease that killed rgod. We can't thank you enough for killing a bug killer. @bug :...
Lunar CMS 3.3 - CSRF And Stored XSS Vulnerability
?!-- Lunar CMS 3.3 CSRF And Stored XSS Vulnerability Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written for use on servers running the ever s...
SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial Of Service Vulnerability
source: http://www.securityfocus.com/bid/28610/info SmarterTools SmarterMail is prone to a denial-of-service vulnerability when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. When the server eventually resets the request connection, it...
Softrex Tornado WWW-Server 1.2 - Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/7716/info A buffer overflow vulnerability has been reported for Tornado www-Server. The vulnerability exists when Tornado processes overly long HTTP requests. This will result in the server crashing. Although unconfirmed,...
Website Directory 'index.php' Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/31562/info Website Directory is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the...