6556 matches found
phpwebgallery-hijackexec.txt
$b'.$sort.';' 64. ; An attacker could be able to inject and execute PHP code through $GET'sort', that is passed to createfunction at line 63 see http://www.securityfocus.com/bid/31398. Only admin can access to the plugins management interface, but the attacker might be able to retrieve a valid...
Cross site request forgery (csrf)
The remote management interface in SIP Enablement Services SES Server in Avaya SIP Enablement Services 5.0, and Communication Manager CM 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service...
CVE-2008-3778
The remote management interface in SIP Enablement Services SES Server in Avaya SIP Enablement Services 5.0, and Communication Manager CM 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service...
CVE-2008-3778
CVE-2008-3778 affects Avaya SIP Enablement Services (SES) Server 5.0 and Communication Manager 5.0 on the S8300C with SES enabled. The remote management interface can proceed with Core router updates even after an invalid login, enabling remote attackers to cause a messaging outage (DoS) or to ga...
Blue Coat K9 Web Protection Referer头栈溢出漏洞
BUGTRAQ ID: 30463 CVECAN ID: CVE-2007-2952 K9 Web Protection是家用电脑上所使用的内容过滤解决方案,允许用户控制可访问的Internet内容。 在访问基于Web的管理接口时K9 Web Protection的过滤服务(k9filter.exe)没有正确地处理Referer头。如果用户访问了恶意站点并向该接口返回了超长的Referer头,就可以触发栈溢出,导致执行任意指令。 Blue Coat Systems K9 Web Protection 3.2.44 Blue Coat Systems -----------------...
HP System Management Homepage < 2.1.12 Unspecified XSS
The remote host appears to be running HP System Management Homepage SMH, a web-based management interface for ProLiant and Integrity servers. The version of HP SMH installed on the remote host fails to sanitize user input to an unspecified parameter and script before using it to generate dynamic...
CVE-2008-3081
Multiple unspecified "input validation" vulnerabilities in the Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...
Input validation
Multiple unspecified "input validation" vulnerabilities in the Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...
CVE-2008-2636
The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service management interface outage or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "frontpage" sequence, and ends with a...
CVE-2008-1106
The management interface in Akamai Client formerly Red Swoosh 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains 1 no Referer header, or 2 a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site...
F5 FirePass Content Inspection Management XSS
F5 FirePass Content Inspection Management XSS Product: F5 FirePass http://www.f5.com/products/firepass/ The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured...
f5firepass-xss.txt
F5 FirePass Content Inspection Management XSS Product: F5 FirePass http://www.f5.com/products/firepass/ The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured...
CVE-2008-0536
Unspecified vulnerability in the SSH server in 1 Cisco Service Control Engine SCE 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and 2 Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service management interface outage via SSH traffic that occurs during management...
FreeStyleWiki command injection vulnerability
Overview A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface. Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution N...
WebCart cross-site scripting vulnerability
Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
SOL8599 - Cross-site scripting vulnerability viewing logs from the Console section of the web management interface
A cross-site scripting XSS vulnerability in the Console feature of the BIG-IP and Enterprise Manager web management interface may allow for script excecution when viewing a log file that contains malicious content. Exploitation of this vulnerability would require an attacker to generate a log ent...
SOL8602 - Cross-site scripting (XSS) vulnerability viewing logs from the web management interface
To prevent exposure to this vulnerability do not select any unknown or suspicious content when viewing log files using the BIG-IP or Enterprise Manager web management interface. To view log files from the command line, access the device using an SSH client. Note: Because exploitation of this...
F5 BIG-IP管理接口NEW_VALUE参数远程代码注入漏洞
BUGTRAQ ID: 28639 F5 BIG-IP是集成了网络流量管理、应用程序安全管理器、负载均衡等功能的多合一网络设备。 BIG-IP的配置工具实现上存在输入验证漏洞,远程攻击者可能利用此漏洞在系统上执行任意命令。 Web管理接口和CLI所使用的F5 BIG-IP重新配置工具没有正确地过滤某些重新配置请求,如果登录用户拥有Resource Manager或Administrator权限的话,就可以注入任意Perl代码,生成Unix shell命令并以root用户权限执行。 这个漏洞的起因是未经转义NEWVALUE中的单引号便使用了包含有类似于以下内容模板的Perl EP3:...
f5bigip-inject.txt
F5 BIG-IP Management Interface Perl Injection Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP reconfiguration facility, used by both the web management interface and the CLI, suffers from insufficient input validation and/or sanitization of certain reconfiguration requests. It...
F5 BIG-IP Management Interface Perl Injection
F5 BIG-IP Management Interface Perl Injection Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP reconfiguration facility, used by both the web management interface and the CLI, suffers from insufficient input validation and/or sanitization of certain reconfiguration requests. It...