CVE-2012-6428 Carlo Gavazzi EOS Box Hard-Coded Credentials

The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...

PT-2012-6275 · Carlo Gavazzi · Eos-Box

Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi EOS-Box versions prior to 1.0.0.1080 2.1.10 Description: The issue allows remote attackers to obtain administrative access by reading a password in a PHP script. This is due to the establishment of multiple hardcoded accounts...

iDev Rentals v1.0 - Multiple Web Vulnerabilities

Title: ====== iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 758 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

iDev Rentals 1.0 - Multiple Vulnerabilities

iDev Rentals 1.0 - Multiple Vulnerabilities Title: ====== iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 758 Common Vulnerability Scoring System: ==================================...

iDev Rentals 1.0 Cross Site Scripting

Title: ====== iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 758 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

iDev Rentals v1.0 - Multiple Web Vulnerabilities

Document Title: =============== iDev Rentals v1.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=760 Release Date: ============= 2012-11-13 Vulnerability Laboratory ID VL-ID: ==================================== 758 Common...

iDev Rentals v1.0 - Multiple Web Vulnerabilities

Document Title: =============== iDev Rentals v1.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=760 Release Date: ============= 2012-11-13 Vulnerability Laboratory ID VL-ID: ==================================== 758 Common...

WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities

WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities waraxe-2012-SA095 - Multiple Vulnerabilities in Wordpress FoxyPress Plugin =============================================================================== Author: Janek Vind "waraxe" Date: 30. October 2012 Location: Estonia, Tartu Web:...

Joomla Component com_jce remote Code Injecion / Execution Exploit (perl)

JCE component for Joomla! could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the file.php script. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP...

nginx+cgi to parse php is prone to a vulnerability-vulnerability warning-the black bar safety net

The title is a bit large, when we analyze carefully after, in fact, are generally configuration issues. If someone wants to attack the server, it will scan the machine where there is vulnerability can upload a malicious script file, the upload script is the first step, When a malicious php script...

Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities

Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities Cannonbolt Portfolio Manager v1.0 Stored XSS and SQL Injection Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: Cannonbolt Portfolio Manager is a sleek and AJAX based PHP scrip...

AB Banner Exchange - 'index.php' Local File Inclusion

----------------------------------------------------------- AB Banner Exchange index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.abscripts.com/ab-banner-exchange/ Demo - http://www.scripts-demo.com/ab-banner-exchange/ ISRAEL...

AB Banner Exchange - index.php Local File Inclusion

AB Banner Exchange - index.php Local File Inclusion ----------------------------------------------------------- AB Banner Exchange index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.abscripts.com/ab-banner-exchange/ Demo -...

AB Banner Exchange Local File Inclusion

----------------------------------------------------------- AB Banner Exchange index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.abscripts.com/ab-banner-exchange/ Demo - http://www.scripts-demo.com/ab-banner-exchange/ ISRAEL...

Text Exchange Pro - index.php Local File Inclusion

Text Exchange Pro - index.php Local File Inclusion ----------------------------------------------------------- Text Exchange Pro index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.phpwebscripts.com/text-exchange-pro/ Demo -...

Easy Banner Pro (index.php page) Local File Inclusion

Exploit for php platform in category web applications ----------------------------------------------------------- Easy Banner Pro index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.phpwebscripts.com/easybannerpro/ Demo -...

Easy Banner Pro - 'index.php' Local File Inclusion

----------------------------------------------------------- Easy Banner Pro index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.phpwebscripts.com/easybannerpro/ Demo - http://www.scripts-demo.com/easybannerpro/ ISRAEL...

Text Exchange Pro - 'index.php' Local File Inclusion

----------------------------------------------------------- Text Exchange Pro index.php page Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.phpwebscripts.com/text-exchange-pro/ Demo - http://www.scripts-demo.com/textexchangepro/ ISRAEL...

Symantec Web Gateway Management Console Remote Shell Command Execution (CVE-2012-0297)

A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation by the web server. A remote attacker can exploit this issue by sending a specially crafted HTTP request to the affected server. Successful exploitation could...

Classified Ads Script PHP - admin.php Multiple SQL Injections

Classified Ads Script PHP - admin.php Multiple SQL Injections source: https://www.securityfocus.com/bid/54299/info Classified Ads Script PHP is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A...