28 matches found
EUVD-2006-4201
Malware in sbrugna...
EUVD-2003-0336
Malware in sbrugna...
EUVD-2006-4202
Malware in sbrugna...
Owl Intranet Engine 0.95 'register.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30410/info Owl Intranet Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...
Owl Intranet Engine 0.7 Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7595/info Owl has been reported prone to an authentication bypass vulnerability. The issue presents itself due to a lack of sufficient sanitization when checking the validity of usernames and passwords supplied to...
[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass
Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details ======= Product: Owl Intranet...
Owl Intranet Engine 1.00 Authentication Bypass
Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details ======= Product: Owl Intranet...
Owl Intranet Engine 1.00 - 'userid' Authentication Bypass
source: https://www.securityfocus.com/bid/51076/info Owl Intranet Engine is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication process and gain administrative access to the application. Owl Intranet Engine 1.00 is affected; other...
Owl Intranet Engine 0.95 - 'register.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30410/info Owl Intranet Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
CVE-2006-4212
SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2006-4212
CVE-2006-4212 concerns an SQL injection in Owl Intranet Engine, a PHP-based document management system. The entry states that Owl Intranet Engine 0.90 and earlier is vulnerable and that remote attackers can execute arbitrary SQL commands via unspecified vectors. The connected JVN record notes the...
CVE-2006-4211
CVE-2006-4211 is an XSS vulnerability in Owl Intranet Engine (b0zz and Chris Vincent Owl Intranet Engine) 0.90 and earlier. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Documented by NVD as a network-accessible XSS with base score 4.3 (...
CVE-2006-4212
SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities
The remote host is running Owl Intranet Engine, a web-based document management system written in PHP. The version of Owl Intranet Engine on the remote host fails to sanitize input to the session id cookie before using it in a database query. Provided PHP's 'magicquotesgpc' setting is disabled, a...
CVE-2006-1149
PHP remote file inclusion vulnerability in lib/OWLAPI.php in OWL Intranet Engine 0.82, when registerglobals is enabled, allows remote attackers to include arbitrary files via a URL in the xrmsfileroot parameter, which is not initialized before use...
Remote file inclusion
PHP remote file inclusion vulnerability in lib/OWLAPI.php in OWL Intranet Engine 0.82, when registerglobals is enabled, allows remote attackers to include arbitrary files via a URL in the xrmsfileroot parameter, which is not initialized before use...
CVE-2006-1149
The CVE-2006-1149 entry applies to Owl Intranet Engine 0.82. PHP remote file inclusion arises when register_globals is on and xrms_file_root is used unsafely in lib/OWL_API.php. An unauthenticated attacker can cause arbitrary file inclusion (and potentially PHP code execution) by supplying a URL ...
CVE-2006-1149
PHP remote file inclusion vulnerability in lib/OWLAPI.php in OWL Intranet Engine 0.82, when registerglobals is enabled, allows remote attackers to include arbitrary files via a URL in the xrmsfileroot parameter, which is not initialized before use...
[SA19142] Owl Intranet Engine "xrms_file_root" File Inclusion Vulnerability
TITLE: Owl Intranet Engine "xrmsfileroot" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19142 VERIFY ADVISORY: http://secunia.com/advisories/19142/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Owl Intranet Engine 0.x http://secunia.com/product/1579/...
OWL Intranet Engine 0.82 - 'xrms_file_root' Code Execution
!/usr/bin/perl use IO::Socket; print "WwwWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW\r\n"; print "WWwoLWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW\r\n"; print...