Metasploit Web UI 4.1.0 - Persistent Cross-Site Scripting

Advisory: Metasploit 4.1.0 Web UI stored XSS vulnerability Advisory ID: SSCHADV2011-033 Author: Stefan Schurtz Affected Software: Successfully tested on Metasploit Community Edition Vendor URL: http://metasploit.com/ Vendor Status: informed ========================== Vulnerability Description:...

Metasploit 4.1.0 Web UI stored XSS Vulnerability

Exploit for multiple platform in category web applications Advisory: Metasploit 4.1.0 Web UI stored XSS vulnerability Advisory ID: SSCHADV2011-033 Author: Stefan Schurtz Affected Software: Successfully tested on Metasploit Community Edition Vendor URL: http://metasploit.com/ Vendor Status: inform...

CVE-2011-1357

Technical details about CVE-2011-1357 are not publicly available in the provided connected documents. Monitor for updates from official advisories.

When you open the nworks Web UI in a browser, you see a blank screen.

When you open the nworks Web UI in a browser, you see a blank screen instead of the logon screen/management screen. You may also see a Java exception stating that you need to add the site to the Trusted Sites zone...

CVE-2011-2606

Cross-site scripting XSS vulnerability in the Web UI in IBM Rational Team Concert RTC 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511...

CVE-2011-2606

IBM Rational Team Concert (RTC) 3.0 Web UI is affected by CVE-2011-2606, a Cross-site Scripting (XSS) flaw in the Web UI exploitable via an unspecified parameter (Work Item 165511). Root cause: unsafe handling of input in the affected page. Impact: remote attacker can inject arbitrary web script ...

CVE-2011-2606

Cross-site scripting XSS vulnerability in the Web UI in IBM Rational Team Concert RTC 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511...

CVE-2011-1716

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-1716

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-1716

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-1716

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-1716

CVE-2011-1716 concerns Xymon Monitor’s Web UI, where multiple XSS vulnerabilities exist in versions prior to 4.3.1. The description specifies that remote attackers can inject arbitrary web script or HTML via unspecified vectors, indicating the Web UI’s insufficient input/output handling as the ro...

CVE-2011-1716

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Zolsoft Office Server Free Edition Cross Site Request Forgery

!--=============================================================================================== $$$$$$$\ $$\ $$\ $$\ $$$$$$\ $$ $$\ | $$ | $$ | $$ $$\ $$ | $$ |$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$ | $$ / $$ | $$$$$$$\ |$$ |$$ |$$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ |...

Path for daily backup is configurable through WEB UI

It is possible to set the daily backup path and partial name through the web UI. This could mean that information can be obtained by a rouge admin. This issue addresses that by introducing a flag so concerned administrators can remove this feature. This flag is set to false by default meaning it ...

Path for daily backup is configurable through WEB UI

It is possible to set the daily backup path and partial name through the web UI. This could mean that information can be obtained by a rouge admin. This issue addresses that by introducing a flag so concerned administrators can remove this feature. This flag is set to false by default meaning it ...

Barracuda Web Application Firewall Detection (HTTP)

HTTP based detection of Barracuda Web Application Firewall. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

VLC 0.9.8a Web UI (input) Remote Denial of Service Exploit

No description provided by source. !/usr/bin/perl VLC 0.9.8a Web UI Remote Stack Overflow DoS by TheLeader GreetZ: forums.hacking.org.il TiP oF TEh DaY: Rock on! = use IO::Socket; my $host = shift || 'localhost'; Target host my $port = shift || 8080; Target port. Default port = 8080 Note: for som...

VideoLAN VLC Media Player 0.9.8a - Web UI input Remote Denial of Service

VideoLAN VLC Media Player 0.9.8a - Web UI input Remote Denial of Service !/usr/bin/perl VLC 0.9.8a Web UI Remote Stack Overflow DoS by TheLeader GreetZ: forums.hacking.org.il TiP oF TEh DaY: Rock on! = use IO::Socket; my $host = shift || 'localhost'; Target host my $port = shift || 8080; Target...