116 matches found
Novell iManager getMultiPartParameters file upload vulnerability
Added: 10/11/2010 BID: 43635 OSVDB: 68320 Background Novell iManager is a web-based management interface for other Novell products. Problem The getMultiPartParameters function in the nps.jar web application in Novell iManager allows remote attackers to upload arbitrary files to the server. By...
Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nps.jar web application exposed via the Tomcat server running by default on TCP...
OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution
The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...
eFront 3.5.1 build 2710 - Arbitrary File Upload
eFront 3.5.1 build 2710 - Arbitrary File Upload -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- eFront eNYe-Sec - www.enye-sec.org -- Description by the author's page -- eFront is an easy to use, visually attractive, SCORM compatible, eLearning and Human Capital Development...
CVE-2003-1252
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using ...
Xerver 4.17 Server - URI Null Character Cross-Site Scripting
Xerver 4.17 Server - URI Null Character Cross-Site Scripting source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a...
Xerver 4.17 - Single Dot File Request Source Disclosure
Xerver 4.17 - Single Dot File Request Source Disclosure source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a...
Xerver 4.17 - Forced Directory Listing
Xerver 4.17 - Forced Directory Listing source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to...
Xerver 4.17 Server - URI Null Character Cross-Site Scripting
source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to disclose the contents of any Web accessible...
Xerver 4.17 - Single Dot File Request Source Disclosure
source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to disclose the contents of any Web accessible...
CVE-2001-1446
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories...
Macromedia Coldfusion MX application server information leak
Compilde JAVA pages are stored in the Web accessible directory...
CVE-2000-1161
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases...
PCCS MySQL DB Admin Tool v1.2.3- Advisory
This advisory highlights a weakness in the file structure of the a href="http://PCCS-Linux.COM/PCCS"PCCS MySQL Database Admin Tool/a. This web application can expose a mySQL administrator’s password. Problem: The default install requires you to use a directory that is web accessible. Under that...
Allaire ColdFusion Server 4.04.0.1 - CFCACHE Information Disclosure
Allaire ColdFusion Server 4.04.0.1 - CFCACHE Information Disclosure source: https://www.securityfocus.com/bid/917/info ColdFusion 4.x includes a function called CFCACHE. This function improves server performance by caching the HTML output of processed CFM pages. When the CFCACHE tag is used in a...
Allaire ColdFusion Server 4.0/4.0.1 - 'CFCACHE' Information Disclosure
source: https://www.securityfocus.com/bid/917/info ColdFusion 4.x includes a function called CFCACHE. This function improves server performance by caching the HTML output of processed CFM pages. When the CFCACHE tag is used in a CFM page, it creates temporary files. Some of these files are .tmp...