26 matches found
EUVD-2008-3693
Malware in sbrugna...
EUVD-2006-1639
Malware in sbrugna...
LibreNMS Authentication Bypass Vulnerability
LibreNMS is a PHP/MYSQL/SNMP-based open source monitoring tool. An authentication bypass vulnerability exists in LibreNMS 1.47 and earlier versions, which can be exploited by an attacker to access multiple scripts...
TeamPass SQL Injection Vulnerability (CNVD-2017-06059)
TeamPass is a dedicated password manager for Apache, MySQL and PHP. A SQL injection vulnerability exists in several scripts in TeamPass 2.1.24 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts (2)
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=719 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note the PoC is somewhat...
ManageEngine Firewall Analyzer Multiple XSS
The ManageEngine Firewall Analyzer running on the remote web server is affected by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to execute arbitrary script code in a user's browser session...
Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts (1)
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=628 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note the PoC is...
Adobe Flash (Multiple Scripts) - Use-After-Free When Rendering Displays (1)
Source: https://code.google.com/p/google-security-research/issues/detail?id=628 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note the PoC is somewhat unreliable on some browsers, sometimes it...
SysAid Help Desk SQL Injection Vulnerability
SysAid Help Desk is a suite of Web-based IT management software. SQL injection vulnerability in multiple scripts in SysAid Help Desk allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
Keene Digital Media Server 1.0.2 Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11111/info Keene Digital Media Server is prone to multiple cross-site scripting vulnerabilities. These issues span multiple scripts. The source of the problem is that affected scripts do not sufficiently sanitize external...
Psychoblogger PB-beta1 desc Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9293/info It has been reported that Psychoblogger may be prone to multiple cross-site scripting vulnerabilities that may allow a remote attacker to execute HTML or script code in a user's browser. The issues are reported ...
TCExam <=11.2.011 Multiple SQL Injection Vulnerabilities
No description provided by source. TCExam <=11.2.011 Multiple SQL Injection Vulnerabilities Vendor: Tecnik.com s.r.l. Product web page: http://www.tcexam.org Affected version: 11.2.009, 11.2.010 and 11.2.011 Summary: TCExam is a FLOSS system for electronic exams also know as CBA - Computer-Based...
PHP Football 1.0 - Cross-Site Scripting
PHP Football 1.0 - Cross-Site Scripting | Title : PHP Football Version : 1.0 Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum E...
FreeSchool 1.1.0 Remote File Inclusion
x FreeSchool = 1.1.0 Mutiple Remote File Include Vulnerability ! Download Script : http://sourceforge.net/projects/freeschool/files/ ! Author : cr4wl3r ! Contact : cr4wl3r4tlinuxmaildotorg ! Location : Gorontalo - INDONESIA ! Dork : "FuCk y0u MaLaYsia" x 3xplo!t :...
eZoneScripts (Multiple Scripts) - Insecure Cookie Authentication Bypass
source: https://www.securityfocus.com/bid/39912/info eZoneScripts Banner Exchange Website, Adult Banner Exchange Website, Apartment Search Script, phpMiniSite Script, and Classified Ultra Script are prone to an authentication-bypass vulnerability because they fail to adequately verify user-suppli...
eZoneScripts (Multiple Scripts) - Insecure Cookie Authentication Bypass
eZoneScripts Multiple Scripts - Insecure Cookie Authentication Bypass source: https://www.securityfocus.com/bid/39912/info eZoneScripts Banner Exchange Website, Adult Banner Exchange Website, Apartment Search Script, phpMiniSite Script, and Classified Ultra Script are prone to an...
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection
The version of XOOPS installed on the remote host fails to filter user-supplied input to the 'mydirname' parameter of the 'onupdate.php', 'notification.php', and 'oninstall.php' scripts under the application's 'xoopslib/modules/protector' directory before passing it to PHP 'eval' functions...
CVE-2008-2840
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6)...
CEScripts (Multiple Scripts) - Cross-Site Scripting
source: https://www.securityfocus.com/bid/18402/info CEScripts scripts are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...
Alkalay.Net Multiple Scripts Arbitrary Command Execution
The remote host appears to be running at least one CGI script written by Avi Alkalay that allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server user id.