418 matches found
AuraCMS 1.5rc - Multiple SQL Injections
AuraCMS version 1.5rc - Multiple Remote SQL Injection Vulnerabilities Vendor : http://www.auracms.org/ Ditemukan oleh : k1tk4t - k1tk4t4tnewhack.org Lokasi : Indonesia -- newhackdotorg @ irc.dal.net // Kutu pada berkas 'hal.php' baris-7 $perintah="SELECT FROM halaman WHERE id=$id"; $hasil =...
csam-xss.txt
A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page. http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null%22%3e%3cscript%3ealert%22XSS!%22%3c%2fscript%3e Sucessfully tested with Version...
C-SAM oneWallet forget password Cross Site Scripting vulnerability
A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page. http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null223e3cscript3ealert22XSS!223c2fscript3e Sucessfully tested with Version 21007062007;1.0...
CVE-2006-4910
The web administration interface mainApp to Cisco IDS before 4.15c, and IPS 5.0 before 5.06p1 and 5.1 before 5.12 allows remote attackers to cause a denial of service unresponsive device via a crafted SSLv2 Client Hello packet...
CVE-2006-4910
The CVE affects Cisco IDS/IPS web administration interfaces. Specifically, Cisco IDS before 4.1(5c) and Cisco IPS before 5.0(6p1) and 5.1 before 5.1(2) are vulnerable to a denial-of-service via a crafted SSLv2 Client Hello that causes the mainApp web management process to become unresponsive. The...
Alt-N Web Admini MDaemon account hijacking
Administrator of any mail domain can redirect any mail of "MDaemon" system account to any account...
Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability
Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability July 10, 2006 Product Overview: The Juniper Networks Redline DX application acceleration platform delivers a complete data center acceleration solution for web-enabled and IP-based business applications. Vulnerability...
phpcal.txt
phpCommunityCalendar 4.0.3 possibly prior versions sql injection / login bypass / cross site scripting software: site: http://open.appideas.com download: http://open.appideas.com/Calendar/ 1 sql injection / login bypass: "admin" directory contains tools for the site administrator. "webadmin"...
CVE-2005-2584
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access...
CVE-2005-2586
The CVE concerns a Mentor ADSL-FR4II router with firmware 2.00.0111 that stores the web administration password in cleartext inside the backup configuration file. This exposes sensitive credentials to local users who can access the backup config, enabling partial confidentiality impact as describ...
CVE-2005-2584
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access...
Generic Botnet Server Detection (Web Admin) (deprecated)
Binary data 3116.prm...
IIS 6.0 Web Admin Multiple vulnerabilities
Hi, last week I installed Windows 2003 for the first time Enterprise edition and Web Server edition. My first objective was to check the security in the IIS 6.0 and of course my target was the Web Admin interfacethat comes with a lot of ASP's to play with ;- Some flaws were detected, the vendor h...
Another ZEUS Server web admin XSS!
Hi, another XSS, now on the ZEUS web admin interface. The tested software is Zeus 4.2r2 webadmin-4.2r2 on Linux x86 This is not the same issue as bid 6144 index.fcgi, now is on "vsdiag.cgi". Exploit is simple: http://target:9090/apps/web/vsdiag.cgi?server=YOURCODE I have read this post:...
SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting
SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/5928/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. The web-based admin interface is prone to...
CVE-2002-0107
CacheFlow CacheOS 4.0.13 and earlier expose a information disclosure vulnerability in a web administration interface: a sequence of GET requests that do not end with a HTTP/1.0 (or another version) string causes leakage of sensitive data in the error message. Affected product: CacheFlow CacheOS (...
CVE-2001-0299
CVE-2001-0299 affects the Nokia IP440 Voyager web administration server. The vulnerability is a buffer overflow in the web admin interface triggered by processing a long URL, allowing local users to cause a denial of service and potentially execute arbitrary commands. The available documents conf...
CVE-1999-1207
Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request...