11 matches found
EUVD-2005-4010
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the s parameter in /apprain/developer/debug-log/db. An attacker can execute arbitrary scripts in the context of the authenticated user's browser by crafting malicious input. Details: Cross-site scripting or X...
CVE-2022-29059
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted...
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A SQL injection vulnerability exists in...
IBM Sametime Information Disclosure Vulnerability (CNVD-2018-06309)
IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A security vulnerability exists in IBM Sametime. A remote attacker can exploit this...
Websense Multiple Products Settings Module Credential Disclosure Vulnerability
Affected systems: Websense Web Filter 7.x, Websense Web Security Gateway 7.x. Description: CVE (CAN) ID: CVE-2014-0347. Websense is a leading global provider of integrated Web, information and data security solutions. Multiple Websense products processing Settings module of the Log Database or User...
Websense Triton 7.7.3 < 7.7.3 Hotfix 31 Information Disclosure
The remote application is running Websense Triton Unified Security Center, a component of the commercial suite of web filtering products. The remote instance of Websense Triton Unified Security Center fails to sanitize user-supplied input data in the 'Log Database' and 'User Directories' areas of...
CVE-2014-0347
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to...
Fake DNS Service
This module provides a DNS service that redirects all queries to a particular address. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'resolv' class MetasploitModule 'Fake DNS Service', 'Description' = %q Thi...
CVE-2005-4015
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php...
CVE-2005-4015
CVE-2005-4015 affects PHP Web Statistik 1.4. The issue is that the log database is not rotated and the referer field size is not limited, enabling a remote attacker to exhaust log files by issuing a very high number of HTTP requests (demonstrated via pixel.php). The available references describe ...