CVE-2014-2366

CVE-2014-2366 affects Advantech WebAccess prior to 7.2, where upAdminPg.asp can disclose credentials to remote authenticated users by exposing them in the HTML source. Evidence from NVD/NIST and multiple advisories confirms the vulnerable component and the credential disclosure flaw, with a high ...

Netsparker v3.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...

Allaire JRun 2.3 File Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1833/info Allaire JRun is a web application development suite with JSP and Java Servlets. JRun contains a vulnerability that allows a user to access documents outside of the webroot. Requesting a malformed URL using the...

Dolphin 7.0.3 - Multiple Vulnerabilities

No description provided by source. Exploit Title: Dolphin Mullti Vulnerability Date : 29-10-2010 Author : anT!-Tr0J4n Version : 7.0.3 DorK : Powered by Dolphin Greetz : Dev-PoinT.com inj3ct0r.com All Dev-poinT members and my friends Home : www.Dev-PoinT.com : http://inj3ct0r.com Email :...

MODx 0.9.6.1 'htcmime.php' Source Code Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27096/info MODx is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...

Whale Communications e-Gap Security Appliance 2.5 Login Page Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of th...

Lighttpd < 1.4.23 Source Code Disclosure Vulnerability (BSD/Solaris bug)

No description provided by source. Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symboli...

oracle application server discussion forum portlet Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/16048/info Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The following specific vulnerabilities were identified: The application is prone to a cross-site scripting...

Tomcat 3.2.1/4.0,Weblogic Server 5.1 URL JSP Request Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server for Java Servlets and Java Pages. Tomcat shi...

Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability

No description provided by source. Title : Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netmechanica.com Advisory : http://secpod.org/blog/?p=481...

Ipswitch WhatsUp Professional 2006 0 NmConsole/ToolResults.asp sHostname Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation...

JDownloader Webinterface Source Code Disclosure Vulnerability

No description provided by source. Exploit Title: JDownloader Webinterface Source Code Disclosure Date: 11/24/10 Author: Sil3ntDre4m Software Link: http://jdownloader.org Version: Latest 0.9.850 Tested on: Windows, Linux JDownloader WebInterface is vulnerable to a source code disclosure exploit t...

Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1488/info Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending +.htr to a request for a known .asp or .asa, .ini, etc file. Appending...

bloofox 0.3 (sql/fd) Multiple Vulnerabilities

No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilities Vendor: http://www.bloofox.com Bugs: SQL Injection Authentication bypass , Source code disclosure Vulnerable Version: 0.3 prior versions also may be affected Exploitation: Remote...

Merak Mail Server 7.4.5 calendar.html schedule Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerabili...

PHP Advanced Transfer Manager <= 1.30 Source Code Disclosure Exploit

No description provided by source. ? / ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+ +:+:+ +:...

tgs cms 0.x (xss/sql/fd) Multiple Vulnerabilities

No description provided by source. | | | / | | / | | | \ / | | | / / | |/ \ / / |/ | |/| | | ' \ / | / / | | | | | | | | | | | | | |/ / ||//\||| |||| ||,/| +-+-+-+-+ |C|r|e|w| +-+-+-+-+ TGS CMS Cross Site Scripting,SQL injection,Blind SQL/XPath injection,Source code disclosure, Multiple...

GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9239/info A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. An attacker can append...

IBM WebSphere 5.0/5.1/6.0 Application Server Web Server Root JSP Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain...

Yamamah (news) SQL Injection and Source Code Disclosure Vulnerability

No description provided by source. Exploit Title: Yamamah Vulnerability news SQL Injection / disclosure Vulnerability Date: 12-06-2010 Author: anT!-Tr0J4n My Home : www.Dev-PoinT.com Software Link:http://www.yamamah.org Version: 1.00 Tested on: Win7/Linux DorK : N / A ========== Exploit By...