OSSIM Web Frontend Default Credentials

It is possible to log into the remote OSSIM web frontend by providing the default credentials. A remote attacker could exploit this to gain administrative control of the OSSIM web frontend. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

Solaris Update for KCMS security fixes 114637-05

Check for the Version of KCMS security fixes OpenVAS Vulnerability Test Solaris Update for KCMS security fixes 114637-05 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modi...

dedecms injection vulnerability affecting version 5. 3 – 5.5 Posted in php-vulnerability warning-the black bar safety net

Excerpt from: hacking notes dedecms5. 3 and 5. The 5-Series version, there is a major injection vulnerability, Please note the following offensive, only for research. Exploit this vulnerability to illegal activities, at your peril. Suppose domain name is: www. abc. com the attack steps are as...

OpenPro Remote File Inclusion Vulnerability

OpenPro is prone to a remote file inclusion vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Kaspersky Anti-Virus And Internet Security安全绕过漏洞

Bugraq ID: 35789 CNCAN ID：CNCAN-2009072502 Kaspersky Internet Security一套完整的解决方案，用于保护计算机抵御来自互联网的主要的威胁，Kaspersky Antivirus是一套反病毒解决方案。 Kaspersky Internet Security和Kaspersky Antivirus存在未明错误，远程攻击者可以利用漏洞通过外部脚本禁用保护机制。 目前没有详细漏洞细节提供。 Kaspersky Internet Security 2010 Kaspersky Anti-Virus 2010 厂商解决方案：...

HP-UX Update for rpc.ypupdated HPSBUX01002

Check for the Version of rpc.ypupdated OpenVAS Vulnerability Test HP-UX Update for rpc.ypupdated HPSBUX01002 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Mandriva Update for hdf5 MDKA-2007:080 (hdf5)

Check for the Version of hdf5 OpenVAS Vulnerability Test Mandriva Update for hdf5 MDKA-2007:080 hdf5 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

phpMyRealty 1.0.7 - 1.0.9 Multiple SQLi Vulnerabilities - Active Check

phpMyRealty is prone to multiple SQL injection SQLi vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...

Alex News-Engine 1.5.1 Remote Arbitrary File Upload Vulnerability

No description provided by source. Yellow Flood Organization Alex News-engine fckeditor Arbitrary File Upload Source: http://www.alexscriptengine.de/blog/category/news-engine/ Download: http://www.alexscriptengine.de/blog/asedownloads/news-engine/ Discover by: Batter - Vulnerability:...

Zanfi CMS lite / Jaw Portal free (fckeditor) Arbitrary File Upload Vuln

No description provided by source. S.W.A.T. Title: Zanfi CMS lite / Jaw Portal free fckeditor Remote Arbitrary File Upload Vendor: http://www.zanfi.nl/down.php?file=ZanfiCmsLite.rar Discover by : S.W.A.T. [email protected] Impact: Medium Fix: Disable The Uploader In Config File ; Demo:...

HP OpenView Select Identity Connectors本地信息泄漏漏洞

BUGTRAQ ID: 31024 CVE ID: CVE-2008-3539 CNCVE ID：CNCVE-20083539 HP OpenView Select Identity Connectors是一款身份管理解决方案包含的组件。 Windows平台下的HP OpenView Select Identity Connectors存在未明安全问题，本地攻击者可以利用漏洞获得敏感信息。 目前没有详细漏洞细节提供。 HP HPSI TOPSecret Connector 2.22.1 HP HPSI SunOne Connector 1.14 HP HPSI RACF Connecto...

dotCMS 1.6 (id) Multiple Local File Inclusion Vulnerabilities

No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + script:dotCMS + home: http://www.dotcms.org + demo: http://www.dotcms.org/thedotcms/demos/demo.dot + founder: Don of h4cky0u.org + Vulnerability: Directory traversal...

realm CMS 2.3 - Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: Realm CMS Multiple Vulnerabilities Lead to Admin Access. Vendor: www.realmproject.com Vulnerable Version: 2.3 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/40 1. Description:...

[ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability

ECHOADV96$2008 ----------------------------------------------------------------------------------------- ECHOADV96$2008 HiveMaker Professional = 1.0.2 cid Sql Injection Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...

Coppermine <=1.4.16 [Content-type] SQL-injection Exploit

Coppermine =1.4.16 Content-type SQL-injection Exploit 1 Дата: Найдена: April 9, 2008 Пропатчена: April 11, 2008 http://forum.coppermine-gallery.net/index.php/topic,51787.0.html 2 Продукт: Coppermine Photo Gallery =1.4.16 3 Уязвимость: SQL-injection в Content-type при загрузке удаленных файлов...

Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server. Remotely exploitable: Yes Authentication to Database Server is...

AIX 610000 : U816211

The remote host is missing AIX PTF U816211 which is related to the security of the package bos.clvm.enh You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...

Tumbleweed SecureTransport vcst_eu.dll ActiveX控件远程栈溢出漏洞

BUGTRAQ ID: 28666 Tumbleweed SecureTransport是安全的文件传输解决方案，允许用户通过Internet传输敏感文件。 SecureTransport的FileTransfer ActiveX控件（vcsten.dll，CLSID：38681fbd-d4cc-4a59-a527-b3136db711d3）中存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户系统。 相关代码： interface IActiveXTransfer : IDispatch id0x00000007, helpstring"method TransferFile"...

Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload

The remote host appears to be running Symantec Backup Exec System Recovery Manager, a backup manager solution. The version of Recovery Manager on the remote host includes the Tomcat Servlet 'FileUpload' that fails to validate the user input. An unauthenticated attacker may be able to exploit this...

BitDefender Update Server - Unauthorized Remote File Access Vulnerability

BitDefender Update Server - Unauthorized Remote File Access Vulnerability ==================================================== Affected Products: - BitDefender Security for Fileservers - BitDefender Enterprise Manager BDEM - All BitDefender Products, using their internal update server product...