Kerio WinRoute Firewall Web Server < 6 Source Code Disclosure

Exploit for php platform in category web applications Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure Google Dork: Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://winroute.ru/keriowinroutefirewall.h...

Kerio WinRoute Firewall Web Server &lt; 6 - Source Code Disclosure

Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure Google Dork: Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://winroute.ru/keriowinroutefirewall.htm Version: prior to 6 Tested on: Microsoft Windows CV...

Kerio WinRoute Firewall Web Server 6 - Source Code Disclosure

Kerio WinRoute Firewall Web Server 6 - Source Code Disclosure Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure Google Dork: Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link:...

PHP < 5.3.13, 5.4.x < 5.4.3 Multiple Vulnerabilities - Active Check

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103482"...

PHP-CGI远程任意代码执行漏洞

CVE ID: CVE-2012-1823 PHP是一种HTML内嵌式的语言，PHP与微软的ASP颇有几分相似，都是一种在服务器端执行的嵌入HTML文档的脚本语言，语言的风格有类似于C语言，现在被很多的网站编程人员广泛的运用。可以被各种Web服务器以多种方式调用，实现动态网页的功能。 PHP处理参数的传递时存在漏洞，在特定的配置情况下，远程攻击者可能利用此漏洞在服务器上获取脚本源码或执行任意命令。 当PHP以特定的CGI方式被调用时（例如Apache的modcgid），php-cgi接收处理过的查询格式字符串作为命令行参数，允许命令行开关（例如-s、-d...

. the svn directory does not have permissions to restrict the use of loopholes in the summary(including the repair program)-vulnerability warning-the black bar safety net

The existing site use. svn to do a production environment version control, however. the svn directory does not have to do the access restrictions, you can through the. svn/entries to traverse the file and directory list. In order to save energy, I wrote a php scripthttp://rains.im/?q=node/18to do...

CVE-2012-1466

NetMechanica NetDecision Traffic Grapher Server information disclosure CVE-2012-1466 affects the NetDecision Traffic Grapher Server prior to version 4.6.1. An attacker can remotely obtain the source code of NtDecision scripts (.nd) by sending an HTTP request with an invalid version number (demons...

Promise WebPAM 2.2.0.13 Cross Site Scripting / SQL Injection

Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplify RAID storage management. WebPAM i...

Cisco Collaboration Server Source Code Disclosure Vulnerabilities

Cisco Collaboration Server is prone to multiple vulnerabilities that may allow remote attackers to obtain sourcecode, which may aid them in further attacks. Cisco Collaboration Server 5 is vulnerable; other versions may be affected as well. NOTE: The vendor has discontinued this product. OpenVAS...

Cisco Collaboration Server 5 Source Code Disclosure Vulnerabilities - Active Check

Cisco Collaboration Server is prone to multiple vulnerabilities that may allow remote attackers to obtain sourcecode, which may aid them in further attacks. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVE-2011-4766

The CVE-2011-4766 entry concerns Parallels Plesk Small Business Panel 10.2.0, specifically the Site Editor/SiteBuilder and the file wysiwyg/fckconfig.js. The claim is that remote attackers could obtain ASP source code via direct access to that file; however, multiple sources note this is disputed...

QuesCom Qportal User 5.10.014 Source Disclosure

Discussion - DcLabs Security Research Group advises about the following vulnerabilityies: Software - QuesCom Qportal User Vendor Product Description - No vendor product description - Site: http://www.quescom.com/ Advisory Timeline - 12/01/2011 - First Contact requesting security department...

TimeLive Time And Expense Tracking 4.1.1 Traversal / Disclosure

Exploit Title : TimeLive Time and Expense Tracking = Multiple Vulnerabilities Vulnerability : Directory Traversal / Remote Database Download / File Download / Source Code Disclosure Date : 28/09/2011 Author : Nathaniel Carew Impact : High Software Link :...

timelive time and expense tracking 4.1.1 - Multiple Vulnerabilities

Exploit Title : TimeLive Time and Expense Tracking = Multiple Vulnerabilities Vulnerability : Directory Traversal / Remote Database Download / File Download / Source Code Disclosure Date : 28/09/2011 Author : Nathaniel Carew Impact : High Software Link :...

TimeLive Time and Expense Tracking 4.1.1 Multiple Vulnerabilities

Exploit for asp platform in category web applications Exploit Title : TimeLive Time and Expense Tracking = Multiple Vulnerabilities Vulnerability : Directory Traversal / Remote Database Download / File Download / Source Code Disclosure Date : 28/09/2011 Author : Nathaniel Carew Impact : High...

i-Gallery 4.1 Source Code Disclosure

=========================================================== i-Gallery 4.1 asp Remote Source Code Disclosure Vulnerability ----------------------------------------------------------- foun by :kurdish hackers team group : kurd-team contact : [email protected] site : kurdteam.org...

CVE-2011-3502

The Cogent DataHub web server (versions up to 7.1.1.63) is affected by CVE-2011-3502, which allows remote attackers to obtain the source code of executable files via a crafted request that includes a trailing space or an encoded dot (%2e). Affected products include Cogent DataHub up to 7.1.1.63 a...

NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure

Vulnerability title: NetSaro Enterprise Messenger Server Administration Console Null Byte Request Source Code Disclosure CVSS Risk Rating: 5 Medium Product: NetSaro Enterprise Messenger Server Application Vendor: SEM Software Vendor URL: http://www.netsaro.com/ Public disclosure date: 8/22/2011...

NetSaro Enterprise Messenger Server Source Code Disclosure Vulnerability

NetSaro Enterprise Messenger Server is prone to source code disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Persian Sharetronix Portal Source Code Disclosure

=========================================================== Persian Sharetronix portal Remote Source Code Disclosure Vulnerability ----------------------------------------------------------- foun by :kurdish hackers team group : kurd-team contact : [email protected] site : kurdteam.org...