56 matches found
File Upload Vulnerability in NetSense SecSSL VPN
Netnifty SecSSL VPN provides 2-in-1 VPN service and network firewall service based on SSL protocol + IPsec protocol, which provides security for data interaction. A file upload vulnerability exists in NetShen SecSSL VPN. An attacker can utilize the vulnerability to upload malicious script files o...
Internet Explorer 6 Web Server Exploit
Author : Ahmed Obied [email protected] Modify by: syniack [email protected] This program acts as a web server that generates an exploit to target a vulnerability CVE-2010-0249 in Internet Explorer. The exploit was tested using Internet Explorer 6 on Windows XP SP3. The exploit's payload...
Accellion File Transfer Appliance Error Report Message - Open Email Relay
Accellion File Transfer Appliance Error Report Message - Open Email Relay source: https://www.securityfocus.com/bid/31178/info Accellion File Transfer Appliance is prone to an open-email-relay vulnerability. An attacker could exploit this issue by constructing a script that would send unsolicited...
PHPXplorer 0.9.33 - 'action.php' Directory Traversal
source: https://www.securityfocus.com/bid/16292/info phpXplorer is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable...
phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion
source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. Remote attackers could potentially exploit this issue vi...
SurgeLDAP 1.0 - 'User.cgi' Directory Traversal
source: https://www.securityfocus.com/bid/10103/info SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker could exploit this issue to gain access to...
Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution
The remote host is running Qualiteam X-Cart - a shopping cart software written in PHP. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. In addition to this, there are some flaws that could allo...
Leif M. Wright Web Blog 1.1 - Remote Command Execution
source: https://www.securityfocus.com/bid/9539/info Web Blog has been reported to be prone to a vulnerability that may permit remote attackers to execute arbitrary commands in the context of the hosting web server. This is due to insufficient sanitization of shell metacharacters from variables...
Reptile Web Server Reptile Web Server 20020105 - Denial of Service
source: https://www.securityfocus.com/bid/9482/info Reptile has been reported prone to a remote denial of service vulnerability. It has been reported that this issue exists because the affected server does not time out on incomplete requests. A remote attacker may exploit this vulnerability to de...
HotNews 0.x - 'config[incdir]' Remote File Inclusion
source: https://www.securityfocus.com/bid/9357/info HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the...
directory traversal bug in Pserv 3.0b2
Donato Ferrante Application: PSERV - the small web server http://sourceforge.net/projects/pserv Version: 3.0 beta 2 Bug: directory traversal bug Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato...
Remote execution in My_eGallery
Product: MyeGallery Versions affected: all 3.1.1.g Website: http://lottasophie.sourceforge.net/index.php 1. Introduction --------------- MyeGallery is a very nice PostNuke module, which allows users to create and manipulate their own galleries on the web, plus offers various additional features...
OnlineArts DailyDose 1.1 - 'dose.pl' Remote Command Execution
source: https://www.securityfocus.com/bid/9000/info It has been reported that DailyDose may be prone to a remote command execution vulnerability due to insufficient sanitization of $temp variable in dose.pl script. An attacker may submit arbitrary commands that will be executed in the context of...
EternalMart Mailing List Manager 1.32 - Remote File Inclusion
EternalMart Mailing List Manager 1.32 - Remote File Inclusion source: https://www.securityfocus.com/bid/8767/info EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver...
Microsoft URLScan 2.5RSA Security SecurID 5.0 - Configuration Enumeration
Microsoft URLScan 2.5RSA Security SecurID 5.0 - Configuration Enumeration source: https://www.securityfocus.com/bid/8419/info A weakness has been discovered in Microsoft URLScan and RSA Security SecurID when used in conjunction on a web server. The problem is said to occur due to the order in whi...
Asus AAM6330BIAAM6000EV ADSL Router - Information Disclosure
Asus AAM6330BIAAM6000EV ADSL Router - Information Disclosure source: https://www.securityfocus.com/bid/8183/info It has been reported that remote users may be able to obtain sensitive information from Asus ADSL routers. It is possible to request files from the built-in Web server that contain...
LedNews News Post XSS
The remote web server is running LedNews, a set of scripts designed to help maintain a news-based website. There is a flaw in some versions of LedNews that could allow an attacker to include rogue HTML code in the news, which may in turn be used to steal the cookies of people visiting this site, ...
BLNews 2.1.3 - Remote File Inclusion
source: https://www.securityfocus.com/bid/7677/info It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrection initilization of some PHP headers within the application. As a result, an attacker may be capable of executing arbitrary PHP comman...
3Com SuperStack 3 Firewall - Content Filter Bypassing
3Com SuperStack 3 Firewall - Content Filter Bypassing source: https://www.securityfocus.com/bid/7021/info A vulnerability has been reported in the 3Com Superstack 3 Firewall. HTTP content filters put in place by the device fail to assemble fragmented data, potentially allowing an attacker to acce...
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (2)
source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability ...