5907 matches found

0day.today
added 2010/07/03 12:0 a.m., 39 views

Specialist Bed and Breakfast Website SQL Injection Exploit

Exploit for php platform in category web applications Specialist Bed and Breakfast Website SQL Injection Exploit !/usr/bin/python Specialist Bed and Breakfast Website SQL Injectio...

7.1 AI score
Exploits: 0
Cisco
added 2010/07/02 2:15 p.m., 30 views

Cisco CSS Content Services Switch and ACE Application Control Engine HTTP SSL Header Spoofing Vulnerability

Cisco CSS Content Services Switch CSS, SSL Services Module SSLM, and ACE Application Control Engine ACE contain a vulnerability that could allow an authenticated, remote attacker to insert spoofed SSL headers into HTTP requests. The vulnerability exists because the affected products weakly enforc...

3.5 CVSS, 6.3 AI score, 0.01686 EPSS
Exploits: 2, References: 1
exploitpack
added 2010/06/30 12:0 a.m., 31 views

webERP 3.11.4 - Multiple Vulnerabilities

webERP 3.11.4 - Multiple Vulnerabilities Title: webERP Multiple Vulnerabilities Author: ADEO Security Published: 30/06/2010 Version: 3.11.4 Possible all versions Vendor: http://www.weberp.org Description: "webERP is a complete web based accounting/ERP system that requires only a web-browser and p...

0.4 AI score
Exploits: 0
exploitpack
added 2010/06/30 12:0 a.m., 11 views

ShopCartDx 4.30 - products.php Blind SQL Injection

ShopCartDx 4.30 - products.php Blind SQL Injection !/usr/bin/perl 0-Day ShopCartDx /trafficdemos/shopcartdx1/ my $MemberID = shift or my $Method = HTTP::Request-newGET = $Host; my $HTTP = new LWP::UserAgent; my $Referrer = "http://www.warwolfz.org/"; my $DefaultTime = request$Referrer; sub...

0.5 AI score
Exploits: 0
CERT
added 2010/06/29 12:0 a.m., 37 views

Snare Agent web interface cross-site request forgery vulnerabilities

Overview The Snare Agent web interface is susceptible to cross-site request forgery attacks. Description The web interface allows the administrator to manage several agent settings, including changing the listening port and password. These HTTP requests do not perform proper validity checks and a...

7.1 AI score
Exploits: 0, References: 3
NVD
added 2010/06/25 9:30 p.m., 22 views

CVE-2010-2465

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...

5 CVSS, 6.4 AI score, 0.02456 EPSS
Exploits: 1, References: 9
Prion
added 2010/06/25 9:30 p.m., 17 views

Improper access control

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...

5 CVSS, 6.9 AI score, 0.02456 EPSS
Exploits: 1, References: 9, Affected Software: 1
Cvelist
added 2010/06/25 9:0 p.m., 25 views

CVE-2010-2465

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...

6.4 AI score, 0.02456 EPSS
Exploits: 1, References: 9
CVE
added 2010/06/25 9:0 p.m., 61 views

CVE-2010-2465

CVE-2010-2465 affects S2 Security NetBox 2.5, 3.3, and 4.0 (as utilized in Linear eMerge 50/5000 and Sonitrol eAccess). The root cause is insufficient access control, permitting remote attackers to download node logs, photographs of persons, and backup files stored under the web root via unspecif...

5 CVSS, 6.6 AI score, 0.02456 EPSS
Exploits: 1, References: 9, Affected Software: 1
n0where
added 2010/06/25 8:53 p.m., 42 views

Web Application Security Scanner: w3af

w3af is a Web Application Attack and Audit Framework The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Identify and exploit a SQL injection One of the most difficult parts of securing your application is to identify the...

8.1 AI score
Exploits: 0, References: 1
Cvelist
added 2010/06/25 7:0 p.m., 18 views

CVE-2009-4909

admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests...

6.8 AI score, 0.01724 EPSS
Exploits: 1, References: 2
seebug.org
added 2010/06/23 12:0 a.m., 17 views

PHPWCMS Cross-Site Request Forgery Vulnerability

No description provided by source. ?php / Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability Date: 06/16/2010 Author: Jeremiah Talamantes Software Link: http://phpwcms.googlecode.com/files/phpwcmsr398.zip Version: 1.4.5 r398 Tested on: WinXP SP2 EN on WAMP 2.0 CVE: N/A Jeremiah...

7.1 AI score
Exploits: 0
Packet Storm
added 2010/06/23 12:0 a.m., 19 views

PHPWCMS 1.4.5 r398 Cross Site Request Forgery

PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc var frm = document.getElementById"csrf"; frm.submit; window.onload = myfunc; input type="hidden"...

0.9 AI score
Exploits: 0
securityvulns
added 2010/06/23 12:0 a.m., 49 views

CSRF in PHPWCMS 1.4.5

?php / Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability Date: 06/16/2010 Author: Jeremiah Talamantes Software Link: http://phpwcms.googlecode.com/files/phpwcmsr398.zip Version: 1.4.5 r398 Tested on: WinXP SP2 EN on WAMP 2.0 CVE: N/A Jeremiah Talamantes RedTeam Security RedTeam Labs...

0.6 AI score
Exploits: 0
0day.today
added 2010/06/21 12:0 a.m., 12 views

PHPWCMS 1.4.5 r389 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications PHPWCMS 1.4.5 r389 Cross Site Request Forgery Vulnerability PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc v...

7.1 AI score
Exploits: 0
Exploit DB
added 2010/06/21 12:0 a.m., 22 views

PHPWCMS 1.4.5 r398 - Cross-Site Request Forgery

PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc var frm = document.getElementById"csrf"; frm.submit; window.onload = myfunc;...

7 AI score
Exploits: 0
OpenVAS
added 2010/06/04 12:0 a.m., 17 views

Uniform Server Multiple CSRF Vulnerabilities

Uniform Server is prone to multiple Cross-Site Request Forgery vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.5 CVSS, 6.8 AI score, 0.00693 EPSS
Exploits: 1, References: 3
OpenVAS
added 2010/06/01 12:0 a.m., 24 views

Brekeke PBX Cross-Site Request Forgery Vulnerability

This host is running Brekeke PBX and is prone to Cross-Site Request Forgery Vulnerability. OpenVAS Vulnerability Test $Id: secpodbrekekepbxcsrfvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Brekeke PBX Cross-Site Request Forgery Vulnerability Authors: Madhuri D Copyright: Copyright c 2010 SecPod,...

2.6 CVSS, 6.7 AI score, 0.00844 EPSS
Exploits: 1, References: 2
Check Point Advisories
added 2010/05/26 12:0 a.m., 4 views

HP Power Manager formExportDataLogs Directory Traversal (CVE-2009-4000)

HP Power Manager is a web-based application for managing a HP Uninterruptible Power System UPS. A directory traversal vulnerability has been reported in HP Power Manager. The vulnerability is due to an input validation error while processing parameters sent to a certain form of the web based...

10 CVSS, 7.3 AI score, 0.21241 EPSS
Exploits: 0
Prion
added 2010/05/14 8:30 p.m., 20 views

Authorization

Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of thi...

4.3 CVSS, 5.9 AI score, 0.0081 EPSS
Exploits: 0, References: 2, Affected Software: 1