8003 matches found
HP LoadRunner buffer overflow vulnerability
Overview HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script files. Description According to HP's website: HP LoadRunner software is the industry standard for performance validation. It allows you to prevent application performance problems by detecting...
Imperva SecureSphere management GUI contains an XSS vulnerability
Overview An XSS vulnerability exists in the Imperva SecureSphere management GUI. Description Dell SecureWorks' SWRX-2011-001 advisory states:"A vulnerability exists in Imperva SecureSphere due to improper validation of user-controlled input. User-controllable input is not properly sanitized for...
ejabberd -- remote denial of service vulnerability
It's reported in CVE advisory that: expaterl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML documen...
ManageEngine Applications Manager Authenticated Code Execution
This module logs into the Manage Engine Applications Manager to upload a payload to the file system and a batch script that executes the payload. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Anfibia Reactor 2.1.1 (login.do) Remote XSS POST Injection Vulnerability
Summary Fast web-based server monitoring. Keep an eye on servers, connections, databases, cpu, hard drives and more! Description The Anfibia Reactor JS service suffers from a XSS vulnerability when parsing user input to the 'email' parameter via POST method in 'reactor/login.do' script at the...
glibc: fnmatch() alloca()-based memory corruption flaw
The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to...
Planex Mini-300PU / Mini100s Cross Site Scripting
GotGeek Labs http://www.gotgeek.com.br/ Planex Mini-300PU & Mini100s Cross-site Scripting Vulnerability + Description Mini-300PU: The PLANEX Mini-300PU is the greatest network printing solution to both USB and Parallel printer ports. It provides 2 USB 2.0 and 1 Parallel printer ports, which can...
ZO Tech Multiple Print Server Cross Site Scripting
GotGeek Labs http://www.gotgeek.com.br/ ZO Tech Multiple Print Servers Cross-site Scripting Vulnerability + Description 1 PA101 Fast Parallel Port Print Server 2 PU201 Fast USB Print Server 3 PA301 Parallel Port Print Server 4 PS531 USB & Parallel Print Server + Information Title: ZO Tech Multipl...
ZO Tech Multiple Print Servers - Cross-Site Scripting
ZO Tech Multiple Print Servers - Cross-Site Scripting GotGeek Labs http://www.gotgeek.com.br/ ZO Tech Multiple Print Servers Cross-site Scripting Vulnerability + Description 1 PA101 Fast Parallel Port Print Server 2 PU201 Fast USB Print Server 3 PA301 Parallel Port Print Server 4 PS531 USB &...
Planet FPS-1101 - Cross-Site Scripting
Planet FPS-1101 - Cross-Site Scripting GotGeek Labs http://www.gotgeek.com.br/ Planet FPS-1101 Cross-site Scripting Vulnerability + Description Equipped with the Parallel printing interfaces, the FPS-1101 makes your printer available be shared in most popular network environment. With the embedde...
Planet FPS-1101 Cross Site Scripting
GotGeek Labs http://www.gotgeek.com.br/ Planet FPS-1101 Cross-site Scripting Vulnerability + Description Equipped with the Parallel printing interfaces, the FPS-1101 makes your printer available be shared in most popular network environment. With the embedded web server, the FPS-1101 is...
'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)
'Andy's PHP Knowledgebase' SQL Injection Vulnerability CVE-2011-1546 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in aviewusers.php allowing for SQL injection of the 's' query parameter. II. TESTED VERSION...
webEdition CMS Local File Inclusion Vulnerability
Exploit for php platform in category web applications Software: webEdition CMS 6.1.0.2 Vendor: http://www.webedition.org Vuln Type: Local File Inclusion Download link: http://sourceforge.net/projects/webedition/files/webEdition/6.1.0.2/webEdition6102.tar.gz/download Author: eidelweiss contact:...
McAfee Cross Site Scripting / Information Disclosure
Vulnerabilities in McAfee.com 1. VULNERABILITY DESCRIPTION - Cross Site Scripting http://download.mcafee.com/products/webhelp/4/1033/javascript:top.location.replace'attacker.in' - Information Disclosure Internal Hostname: http://www.mcafee.com/js/omniture/omnitureprofile.js $ ruby host-extract.rb...
Icinga 1.3.0 / 1.2.1 Cross Site Scripting
Advisory: Cross-Site Scripting vulnerabilities in Icinga Advisory ID: SSCHADV2011-001 Author: Stefan Schurtz Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.2.1 Vendor URL: http://www.icinga.org Vendor Status: fixed csv export link to make it XSS save IE 1275 CVE-ID: -...
GAzie 5.10 (Login parameter) Multiple Remote Vulnerabilities
Summary GAzie is a multi-company management program ERP that runs on Apache web server with support for PHP and Mysql database. Open Source web-based application for small and medium enterprises. Description GAzie is prone to a cross-site scripting and an SQL Injection vulnerability because it...
LocatePC 1.05 (Ligatt Version + Others) - SQL Injection
LocatePC 1.05 Ligatt Version + Others - SQL Injection Affected Software: LocatePC 1.05 Consequences: Arbitrary SELECT queries against the LocatePC and "mysql" database. The LocatePC database contains enough information to stalk all users of the software. It may be possible to instruct the softwar...
Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
This host is installed with Internet Explorer and is prone to remote code execution vulnerability. This NVT has been replaced by NVT secpodms11-018.nasl OID:1.3.6.1.4.1.25623.1.0.900278. OpenVAS Vulnerability Test $Id: gbmsiereleaseinterfacecodeexecutionvuln.nasl 6526 2017-07-05 05:43:52Z cfische...
Microsoft Internet Explorer 'ReleaseInterface()' RCE Vulnerability
Internet Explorer is prone to a remote code execution RCE vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.900278. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
CultBooking 2.0.4 (cultbooking.php) Multiple XSS/PD Vulnerabilities
Summary Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings and set the actual availabilities in the hotels pms. This is easy to install and easy to integrate with full support. Description CultBooking Hotel Booking...