14 matches found
netOffice Dwins 1.3 - Authentication Bypass Vulnerability and Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28051/info netOffice Dwins is prone to a vulnerability that allows attackers to bypass authentication as well as a vulnerability that allows attackers to upload arbitrary files. These issues occur because the application...
netOffice Dwins Multiple <= 1.4p3 SQLi Vulnerabilities - Active Check
netOffice Dwins is prone to multiple SQL injection SQLi vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
netOffice Dwins <= 1.4p3 SQL Injection Vulnerability
Exploit for php platform in category web applications Discovered by dun \ posdubatgmail.com 2012-11-08 netOffice Dwins openWorkHours$tmpquery; //5 SQL ..cut.. users/exportuser.php?id=-1 union select 0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0-- File:...
netOffice Dwins 1.4p3 SQL Injection
:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2012-11-08 netOffice Dwins openWorkHours$tmpquery; //5 SQL ..cut.. users/exportuser.php?id=-1 union select...
NetOffice Dwins 1.4p3 - SQL Injection
:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2012-11-08 netOffice Dwins openWorkHours$tmpquery; //5 SQL ..cut...
CVE-2008-2044
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP...
Authentication flaw
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP...
CVE-2008-2044
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP...
CVE-2008-2044
netOffice Dwins 1.3 p2 is affected by an authentication bypass vulnerability tied to the demoSession parameter. The code compares the demoSession value to the string 'true' instead of the boolean true, enabling remote attackers to set the parameter to 1 and bypass login. The NASL/NVD entries note...
netOffice Dwins demoSession Parameter Authentication Bypass
The remote host is running netOffice Dwins, an open source project management application written in PHP. The version of netOffice Dwins installed on the remote host allows an attacker to bypass authentication and access parts of the affected application to which access would not ordinarily be...
netoffice-exec.txt
netOffice Dwins 1.3 Remote code execution. -------------------------------------------------------- Product: netOffice Dwins Version: 1.3 p2 Vendor: http://netofficedwins.sourceforge.net/ Date: 02/29/08 - Introduction "netOffice Dwins is a free web based time tracking, timesheet, and project...
netOffice Dwins 1.3 Remote code execution.
netOffice Dwins 1.3 Remote code execution. -------------------------------------------------------- Product: netOffice Dwins Version: 1.3 p2 Vendor: http://netofficedwins.sourceforge.net/ Date: 02/29/08 - Introduction "netOffice Dwins is a free web based time tracking, timesheet, and project...
NetOffice Dwins 1.3 - Authentication Bypass Arbitrary File Upload
NetOffice Dwins 1.3 - Authentication Bypass Arbitrary File Upload source: https://www.securityfocus.com/bid/28051/info netOffice Dwins is prone to a vulnerability that allows attackers to bypass authentication as well as a vulnerability that allows attackers to upload arbitrary files. These issue...
NetOffice Dwins 1.3 - Authentication Bypass / Arbitrary File Upload
source: https://www.securityfocus.com/bid/28051/info netOffice Dwins is prone to a vulnerability that allows attackers to bypass authentication as well as a vulnerability that allows attackers to upload arbitrary files. These issues occur because the application fails to adequately sanitize...