Fortinet FortiOS < 4.3.13 / 5.0.3 Multiple XSRF
The remote host is running FortiOS prior to 4.3.13 / 5.0.3. It is, therefore, affected by multiple cross-site request forgery vulnerabilities in web UI pages because they are not protected by XSRF tokens. An attacker could potentially exploit this vulnerability to hijack an authenticated user's...
Fortinet FortiMail < 4.3.4 / 5.0.0 Multiple XSS
The remote host is running FortiMail prior to 4.3.4 / 5.0.0. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to a failure to sanitize user-supplied input in the web UI. Specifically, flaws exist in the 'ipmask', 'username', 'address', and 'url' parameters of the...
NAS4Free Web UI Default Credentials
The NAS4Free web interface on the remote host has the 'admin' user account secured with the default password. A remote, unauthenticated attacker could exploit this to gain administrative access to the web interface, which could allow arbitrary command execution via exec.php...
NAS4Free Web UI Detection
Binary data nas4freedetect.nbin...
Cisco Content Security Management Appliance Web UI Default Credentials
It is possible to log into Cisco Content Security Management Appliance's web management console using default credentials...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors...
Design/Logic Flaw
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-0884
CVE-2014-0884 affects IBM Lotus Protector for Mail Security (Admin Web UI) on 2.8.x before 2.8.1-22905. A cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. The root cause is not detailed in the provided docum...
CVE-2014-0887
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors...
Ability Mail Server 2013 - Password Reset CSRF from Stored XSS (Web UI)
Exploit for windows platform in category web applications On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and set Password. In this case I created a use...
Updated nagios package fixes security vulnerability
A flaw was reported and fixed in Nagios, which can be exploited to cause a denial of service. The vulnerability is caused by an off-by-one error within the process_cgivars() function, which can be exploited to cause an out-of-bounds read by sending a specially crafted key value to the Nagios we...
Conceptronic CIPCAMPTIWL 21.37.2.49 Cross Site Request Forgery
Hello List, Here I inform you about an easily exploitable CSRF discovered in Conceptronic cameras CIPCAMPTIWL. General Details Affected Product: Conceptronic camera CIPCAMPTIWL Tested Firmware: 21.37.2.49 Tested Web UI Firmware: 0.61.4.18 Assigned CVE: CVE-2013-7204 CVSSv2 Base Score: 5.8...
Ability Mail Server 2013 3.1.1 - Web UI Persistent Cross-Site Scripting
#!/usr/bin/env python ''' Exploit Title: Ability Mail Server 2013 Stored XSS Date: 12/20/2013 Exploit Author: David Um Vendor Homepage: http://www.code-crafters.com/ Software Link: http://download.code-crafters.com/ams.exe...
Palo Alto Networks PAN-OS Firewall/Panorama Web UI Detection
Binary data paloaltowebuidetect.nbin...
Ability Mail Server 2013 3.1.1 - Web UI Persistent Cross-Site Scripting
#!/usr/bin/env python ''' Exploit Title: Ability Mail Server 2013 Stored XSS Date: 12/20/2013 Exploit Author: David Um Vendor Homepage: http://www.code-crafters.com/ Software Link: http://download.code-crafters.com/ams.exe Version: 3.1.1 Tested on: Windows Server 2003 SP2 CVE : CVE-2013-6162...
Intersystems Cache Remote Code Execution (via Default 'Minimal Security' Install)
1 Overview Title: Intersystems Cache Remote Code Execution via Default 'Minimal Security' Install Product: Intersystems Cache Product URL: http://www.intersystems.com/cache/index.html Vendor: Intersystems Affected Versions: Tested on Cache for Windows x86-64 & i386 2009. thru...
D-Link Router 2760N Cross Site Scripting Vulnerability
D-Link Router 2760N suffers from multiple persistent and reflective cross site scripting vulnerabilities. Advisory: D-Link Router 2760N DSL-2760U-BN Multiple XSS Author: Liad Mizrachi Vendor URL: http://www.dlink.com Status: Fixed CVE-ID: CVE-2013-5223 ========================== Vulnerability...
D-Link Router 2760N Cross Site Scripting
Advisory: D-Link Router 2760N DSL-2760U-BN Multiple XSS Author: Liad Mizrachi Vendor URL: http://www.dlink.com Status: Fixed CVE-ID: CVE-2013-5223 ========================== Vulnerability Description ========================== Multiple Cross-Site Scripting XSS vulnerabilities present in D-Link...
McAfee Email Gateway Appliance 7.x Multiple Vulnerabilities (SB10037)
According to the version of the Web UI on the remote McAfee Email Gateway appliance, it is potentially affected by the following vulnerabilities: - The web mail client does not properly sanitize email attachment names, allowing for cross-site scripting. - The web mail client does not properly...