2326 matches found
FreePBX 'gen_amp_conf.php' Credentials Information Disclosure Vulnerability
FreePBX is prone to an information-disclosure vulnerability that may expose administrator's credentials. Successful exploits will allow unauthenticated attackers to obtain sensitive information that may aid in further attacks. OpenVAS Vulnerability Test $Id: gbfreepbx52048.nasl 6720 2017-07-13...
Mathopd < 1.5p7 Directory Traversal Vulnerability
Mathopd is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
11in1 is prone to a cross-site request-forgery and a local file include vulnerability.
EditWrxLite CMS 'wrx.cgi' Remote Command Execution Vulnerability
EditWrxLite CMS is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application. OpenVAS Vulnerability Test $Id: gbEditWrxLite51995.nasl 5714 2017-03-24 10:52:48Z cfi $ EditWrxLite CMS 'wrx.cgi'...
EditWrxLite CMS RCE Vulnerability (Feb 2012) - Active Check
EditWrxLite CMS is prone to a remote command execution (RCE) vulnerability.
Telnetd Encryption Key ID Code Execution
Added: 02/11/2012 CVE: CVE-2011-4862 BID: 51182 OSVDB: 78020 Background Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. Problem The flaw is caused due to a...
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_form.php?base_path' Remote File Inclusion
source: https://www.securityfocus.com/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities. An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in t...
PHP < 5.3.10 Security Bypass Vulnerability - Windows
PHP is prone to a security bypass vulnerability. CPE = "cpe:/a:php:php"; if description...
project-open 3.4.x - account-closed.tcl Cross-Site Scripting
source: https://www.securityfocus.com/bid/51842/info project-open is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary...
WordPress Theme Tuner Plugin 'tt-abspath' Parameter Remote File Inclusion Vulnerability
WordPress is prone to a remote file inclusion vulnerability. CPE = "cpe:/a:wordpress:wordpress"...
phpLDAPadmin 'base' Parameter Cross Site Scripting Vulnerability
phpLDAPadmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to...
phpLDAPadmin 'server_id' Parameter Multiple XSS Vulnerabilities - Active Check
phpLDAPadmin is prone to multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input.
phpLDAPadmin 1.2.0.5-2 - server_id Cross-Site Scripting
source: https://www.securityfocus.com/bid/51794/info phpLDAPadmin is prone to cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script co...
HP Diagnostics Server 'magentservice.exe' Buffer Overflow Vulnerability
HP Diagnostics Server is prone to a buffer overflow vulnerability.
NeoAxis Web Player Zip File Directory Traversal Vulnerability
NeoAxis Web Player is prone to a directory traversal vulnerability.
UltraPlayer 2.112 - .avi File Denial of Service
source: https://www.securityfocus.com/bid/51652/info UltraPlayer is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. UltraPlayer 2.112 is vulnerable;...
miniCMS Multiple Remote PHP Code Injection Vulnerabilities
miniCMS is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected application and possibly the underlying computer. miniCMS 1.0 and 2.0 are...
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
appRain CMF is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected server; this can result in arbitrary code execution within the context of the...
OpenSSL < 0.9.8s, 1.0.x < 1.0.0f Multiple Vulnerabilities
OpenSSL is prone to multiple security vulnerabilities. CPE = "cpe:/a:openssl:openssl"; if...
PostNuke pnAddressbook Module - id SQL Injection
source: https://www.securityfocus.com/bid/51566/info The pnAddressbook module for PostNuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issu...