Lucene search
+L

6556 matches found

Packet Storm
Packet Storm
added 2008/10/15 12:0 a.m.21 views

phpwebgallery-hijackexec.txt

$b'.$sort.';' 64. ; An attacker could be able to inject and execute PHP code through $GET'sort', that is passed to createfunction at line 63 see http://www.securityfocus.com/bid/31398. Only admin can access to the plugins management interface, but the attacker might be able to retrieve a valid...

7.4AI score
Exploits0
Prion
Prion
added 2008/08/25 9:41 p.m.19 views

Cross site request forgery (csrf)

The remote management interface in SIP Enablement Services SES Server in Avaya SIP Enablement Services 5.0, and Communication Manager CM 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service...

7.5CVSS7.4AI score0.01345EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2008/08/25 9:41 p.m.17 views

CVE-2008-3778

The remote management interface in SIP Enablement Services SES Server in Avaya SIP Enablement Services 5.0, and Communication Manager CM 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service...

7.5CVSS6.9AI score0.01345EPSS
Exploits0References3
CVE
CVE
added 2008/08/25 9:0 p.m.52 views

CVE-2008-3778

CVE-2008-3778 affects Avaya SIP Enablement Services (SES) Server 5.0 and Communication Manager 5.0 on the S8300C with SES enabled. The remote management interface can proceed with Core router updates even after an invalid login, enabling remote attackers to cause a messaging outage (DoS) or to ga...

7.5CVSS6.9AI score0.01345EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2008/08/03 12:0 a.m.33 views

Blue Coat K9 Web Protection Referer头栈溢出漏洞

BUGTRAQ ID: 30463 CVECAN ID: CVE-2007-2952 K9 Web Protection是家用电脑上所使用的内容过滤解决方案,允许用户控制可访问的Internet内容。 在访问基于Web的管理接口时K9 Web Protection的过滤服务(k9filter.exe)没有正确地处理Referer头。如果用户访问了恶意站点并向该接口返回了超长的Referer头,就可以触发栈溢出,导致执行任意指令。 Blue Coat Systems K9 Web Protection 3.2.44 Blue Coat Systems -----------------...

9.3CVSS6.4AI score0.15493EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2008/07/21 12:0 a.m.31 views

HP System Management Homepage < 2.1.12 Unspecified XSS

The remote host appears to be running HP System Management Homepage SMH, a web-based management interface for ProLiant and Integrity servers. The version of HP SMH installed on the remote host fails to sanitize user input to an unspecified parameter and script before using it to generate dynamic...

4.3CVSS5.9AI score0.03205EPSS
Exploits2References3
NVD
NVD
added 2008/07/09 12:41 a.m.21 views

CVE-2008-3081

Multiple unspecified "input validation" vulnerabilities in the Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...

6.5CVSS7.6AI score0.03058EPSS
Exploits0References21
Prion
Prion
added 2008/07/09 12:41 a.m.18 views

Input validation

Multiple unspecified "input validation" vulnerabilities in the Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...

6.5CVSS8.2AI score0.03058EPSS
Exploits0References21Affected Software1
Cvelist
Cvelist
added 2008/06/10 12:0 a.m.24 views

CVE-2008-2636

The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service management interface outage or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "frontpage" sequence, and ends with a...

8.1AI score0.03403EPSS
Exploits0References6
Cvelist
Cvelist
added 2008/06/09 11:0 p.m.28 views

CVE-2008-1106

The management interface in Akamai Client formerly Red Swoosh 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains 1 no Referer header, or 2 a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site...

7.6AI score0.00773EPSS
Exploits1References8
securityvulns
securityvulns
added 2008/06/06 12:0 a.m.59 views

F5 FirePass Content Inspection Management XSS

F5 FirePass Content Inspection Management XSS Product: F5 FirePass http://www.f5.com/products/firepass/ The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured...

1.1AI score
Exploits0
Packet Storm
Packet Storm
added 2008/06/05 12:0 a.m.42 views

f5firepass-xss.txt

F5 FirePass Content Inspection Management XSS Product: F5 FirePass http://www.f5.com/products/firepass/ The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2008/05/22 10:0 a.m.24 views

CVE-2008-0536

Unspecified vulnerability in the SSH server in 1 Cisco Service Control Engine SCE 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and 2 Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service management interface outage via SSH traffic that occurs during management...

6.6AI score0.04318EPSS
Exploits1References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

FreeStyleWiki command injection vulnerability

Overview A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface. Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution N...

7.5CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.5 views

WebCart cross-site scripting vulnerability

Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

6.4CVSS6.2AI score0.01263EPSS
Exploits0References9
F5 Networks
F5 Networks
added 2008/04/13 12:0 a.m.39 views

SOL8599 - Cross-site scripting vulnerability viewing logs from the Console section of the web management interface

A cross-site scripting XSS vulnerability in the Console feature of the BIG-IP and Enterprise Manager web management interface may allow for script excecution when viewing a log file that contains malicious content. Exploitation of this vulnerability would require an attacker to generate a log ent...

6.8CVSS5.3AI score0.02423EPSS
Exploits1
F5 Networks
F5 Networks
added 2008/04/13 12:0 a.m.34 views

SOL8602 - Cross-site scripting (XSS) vulnerability viewing logs from the web management interface

To prevent exposure to this vulnerability do not select any unknown or suspicious content when viewing log files using the BIG-IP or Enterprise Manager web management interface. To view log files from the command line, access the device using an SSH client. Note: Because exploitation of this...

6.8CVSS5.8AI score0.02423EPSS
Exploits1
seebug.org
seebug.org
added 2008/04/09 12:0 a.m.23 views

F5 BIG-IP管理接口NEW_VALUE参数远程代码注入漏洞

BUGTRAQ ID: 28639 F5 BIG-IP是集成了网络流量管理、应用程序安全管理器、负载均衡等功能的多合一网络设备。 BIG-IP的配置工具实现上存在输入验证漏洞,远程攻击者可能利用此漏洞在系统上执行任意命令。 Web管理接口和CLI所使用的F5 BIG-IP重新配置工具没有正确地过滤某些重新配置请求,如果登录用户拥有Resource Manager或Administrator权限的话,就可以注入任意Perl代码,生成Unix shell命令并以root用户权限执行。 这个漏洞的起因是未经转义NEWVALUE中的单引号便使用了包含有类似于以下内容模板的Perl EP3:...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2008/04/08 12:0 a.m.27 views

f5bigip-inject.txt

F5 BIG-IP Management Interface Perl Injection Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP reconfiguration facility, used by both the web management interface and the CLI, suffers from insufficient input validation and/or sanitization of certain reconfiguration requests. It...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2008/04/05 12:0 a.m.38 views

F5 BIG-IP Management Interface Perl Injection

F5 BIG-IP Management Interface Perl Injection Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP reconfiguration facility, used by both the web management interface and the CLI, suffers from insufficient input validation and/or sanitization of certain reconfiguration requests. It...

2AI score
Exploits0
Rows per page
Query Builder