97 matches found
SolarWinds Orion Service - SQL Injection
SolarWinds Orion Service - SQL Injection. I found a couple of SQL injection vulnerabilities in the core Orion service used in most of the SolarWinds products (SAM, IPAM, NPM, NCM, etc.). This service provides a consistent configuration and authentication layer across the products. To be exact, the...
Ip Reg 0.3 - Multiple Remote SQL Injection Vulnerabilities
No description provided by source. Http://www.inj3ct-it.org...
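Nixu NameSurfer Multiple Security Vulnerabilities
CVE ID: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066. Nixu NameSurfer is an IPAM software application solution that implements centralized address management coverage. Nixu NameSurfer has multiple security vulnerabilities: 1. Some input is not filtered before use, allowing an attacker to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or the user's session hijacked. 2. An error exists when parsing XML entities, allowing an attacker to use a specially crafted XML document containing external entity references to obtain local resource data or consume server resources...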
SolarWinds Orion IPAM Reflected Cross-site Scripting (CVE-2012-4939)
A reflected cross-site scripting vulnerability exists in SolarWinds Orion IPAM. The vulnerability is due to insufficient sanitization of user-supplied input, which is echoed back to the user. A remote attacker could exploit this vulnerability by enticing an authenticated user to follow a crafted...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field...
CVE-2012-4939
Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field...
CVE-2012-4939
SolarWinds Orion IPAM IPAMSummaryView.aspx is affected by a reflected XSS in the IPAM web interface prior to 3.0-HotFix1. An attacker can inject script via the "Search for an IP address" field, which could execute in a logged-in user's browser and potentially lead to information leakage or creden...
SolarWinds Orion IP Address Manager (IPAM) - 'search.aspx' Cross-Site Scripting
source: https://www.securityfocus.com/bid/56342/info SolarWinds Orion IP Address Manager (IPAM) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the browser of an...
SolarWinds Orion IPAM web interface reflected xss vulnerability
Overview: SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. ...
Infoblox IPAM Appliance Default Credentials
The remote host appears to be running Infoblox IPAM appliance. Nessus was able to log into the remote web console using default credentials. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(42212); script_version("1.12...
Ip Reg 0.3 Multiple Remote SQL Injection Vulnerabilities
No description provided by source. ...
IP Reg 0.3 - Multiple SQL Injections
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Multiple...
Ip Reg 0.3 Multiple Remote SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. Ip Reg 0.3 Multiple Remote SQL Injection Vulnerabilities ...
Directory traversal
Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged...
CVE-2007-4226
Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged...
CVE-2007-4226
CVE-2007-4226 describes a directory traversal in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8). The vulnerability allows remote authenticated administrators with certain TFTP privileges to create and overwrite arbitrary files through a .. in a pathname, w...
TS-2007-002-0: BlueCat Networks Adonis root Privilege Access
Template Security Security Advisory: BlueCat Networks Adonis root Privilege Access. Date: 2007-08-06. Advisory ID: TS-2007-002-0. Vendor: BlueCat Networks, http://www.bluecatnetworks.com/. Revision: 0. Contents: Summary, Software Version, Details, Impact, Exploit...