34 matches found
EUVD-2006-4202
Malware in sbrugna...
EUVD-2003-0336
Malware in sbrugna...
EUVD-2006-4201
Malware in sbrugna...
Owl Intranet Engine 0.95 'register.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30410/info Owl Intranet Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...
Owl Intranet Engine 0.7 Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7595/info Owl has been reported prone to an authentication bypass vulnerability. The issue presents itself due to a lack of sufficient sanitization when checking the validity of usernames and passwords supplied to...
[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass
Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details ======= Product: Owl Intranet...
Owl Intranet Engine 1.00 - userid Authentication Bypass
Owl Intranet Engine 1.00 - userid Authentication Bypass source: https://www.securityfocus.com/bid/51076/info Owl Intranet Engine is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication process and gain administrative access to the...
Owl Intranet Engine 1.00 Authentication Bypass
Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details ======= Product: Owl Intranet...
Owl Intranet Engine 1.00 - 'userid' Authentication Bypass
source: https://www.securityfocus.com/bid/51076/info Owl Intranet Engine is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication process and gain administrative access to the application. Owl Intranet Engine 1.00 is affected; other...
Owl Intranet Engine register.php跨站脚本执行漏洞
BUGTRAQ ID: 30410 CVECAN ID: CVE-2008-3100 Owl Intranet Engine是一种用于多用户维护知识库的基于Web软件。 Owl Intranet Engine没有正确地验证提交给register.php文件输入参数,允许远程攻击者通过提交恶意请求执行跨站脚本攻击。 Owl Intranet Engine = 0.95 Owl --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://owl.cvs.sourceforge.net/checkout/owl/owl-0.90/lib/owl.lib.php...
Owl Intranet Engine 0.95 - 'register.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30410/info Owl Intranet Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Owl Intranet引擎SQL注入漏洞
Owl Intranet Engine是一款基于PHP的开放源代码的发表文件/文档的知识库系统。 Owl Intranet Engine不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可以获得敏感信息。 问题是'lib/owl.lib.php'脚本对用户提交的WEB参数缺少过滤,提交恶意的SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 Owl Owl Intranet Engine 0.80 Owl Owl Intranet Engine 0.73 Owl Owl Intranet Engine 0.72 Owl Owl Intranet...
CVE-2006-4212
SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2006-4212
SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2006-4212
CVE-2006-4212 concerns an SQL injection in Owl Intranet Engine, a PHP-based document management system. The entry states that Owl Intranet Engine 0.90 and earlier is vulnerable and that remote attackers can execute arbitrary SQL commands via unspecified vectors. The connected JVN record notes the...
CVE-2006-4211
CVE-2006-4211 is an XSS vulnerability in Owl Intranet Engine (b0zz and Chris Vincent Owl Intranet Engine) 0.90 and earlier. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Documented by NVD as a network-accessible XSS with base score 4.3 (...
Owl Intranet Engine < 0.91 Multiple Vulnerabilities
Binary data 3729.prm...
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities
The remote host is running Owl Intranet Engine, a web-based document management system written in PHP. The version of Owl Intranet Engine on the remote host fails to sanitize input to the session id cookie before using it in a database query. Provided PHP's 'magicquotesgpc' setting is disabled, a...
Remote file inclusion
PHP remote file inclusion vulnerability in lib/OWLAPI.php in OWL Intranet Engine 0.82, when registerglobals is enabled, allows remote attackers to include arbitrary files via a URL in the xrmsfileroot parameter, which is not initialized before use...
CVE-2006-1149
PHP remote file inclusion vulnerability in lib/OWLAPI.php in OWL Intranet Engine 0.82, when registerglobals is enabled, allows remote attackers to include arbitrary files via a URL in the xrmsfileroot parameter, which is not initialized before use...