406 matches found
CVE-2017-5998
Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the strlogname parameter in a "Web Admin Portal Log Configuration Add" action...
[SECURITY] Fedora 25 Update: phpMyAdmin-4.6.6-1.fc25
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
CVE-2016-6810
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web-based administration console. The root cause of this issue is improper user data output validation...
[SECURITY] Fedora 25 Update: phpMyAdmin-4.6.4-2.fc25
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution', 'Description' = %q The NVRmini 2 Network...
The vulnerability of the Dr.Web Enterprise Security Suite, an antivirus product, allows a malicious individual to carry out XSS attacks.
The vulnerability of the Dr.Web Enterprise Security Suite anti-virus protection allows for XSS attacks due to insufficient validation of the user name in the web administrator’s login page. This means that before the user name is returned to the user, it may be compromised by a malicious actor...
Code injection
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through...
UBUNTU-CVE-2016-2056
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the addusername argument in (1) web/useradm.c or (2) web/chpasswd.c...
Symantec Encryption Management Server Multiple Security Issues
The management console for Symantec Encryption Management Server (SEMS) is susceptible to potential OS command execution, local access elevation of privilege, a heap-based memory corruption resulting in a service crash and potential information disclosure of management console logon/account...
b374k 3.2.3 / 2.8 CSRF / Command Injection Vulnerabilities
b374k web shell versions 2.8 and 3.2.3 suffer from a cross-site request forgery vulnerability that allows for remote command injection. Vendor: github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/...
[SECURITY] [DSA 3391-1] php-horde security update
Debian Security Advisory DSA-3391-1 https://www.debian.org/security/ Florian Weimer November 03, 2015 https://www.debian.org/security/faq ...
Zhone Technologies zNID GPON Remote Code Execution Vulnerability
Zhone Technologies zNID GPON 24xx, 24xxA, 42xx, 42xxA, 26xx and 28xx are router products from Zhone Technologies, USA. A remote code execution vulnerability exists in the web administrator console of the Zhone Technologies zNID GPON, which allows remote attackers to submit a special request to...
Authorization
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view...
CVE-2015-1841
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view...
CVE-2015-1841
CVE-2015-1841 affects Red Hat Enterprise Virtualization Manager (RHEV-M) Web Admin interface: an idle timeout bypass allows a local user to access the web interface after selecting a VM in the VM grid view. Root cause is the web admin’s timeout not logging out when a VM is selected. The vulnerabi...
Edimax PS-1206MF Web Admin Auth Bypass
By default, it is necessary to know the current password in order to change it, but when the request is missing the POST anewpass & confpass parameters, the admin password will be set to null. devil@hell:$ curl -gi http://192.168.0.10/ HTTP/1.1 401 Date: Sat, 21 Dec 1996 12:00:00 GMT WWW-Authenticate: Basic...
Edimax PS-1206MF - Web Admin Authentication Bypass
Edimax PS-1206MF - Web Admin Authentication Bypass Title: Edimax PS-1206MF - Web Admin Auth Bypass Date: 30.08.15 Vendor: edimax.com Firmware version: 4.8.25 Author: Smash Contact: smash at devilteam.pl HTTP authorization is not being properly verified while sending POST requests to .cgi, remote...
Edimax PS-1206MF - Web Admin Authentication Bypass
Title: Edimax PS-1206MF - Web Admin Auth Bypass Date: 30.08.15 Vendor: edimax.com Firmware version: 4.8.25 Author: Smash Contact: smash at devilteam.pl HTTP authorization is not being properly verified while sending POST requests to .cgi, remote attacker is able to change specific settings or eve...
Edimax PS-1206MF - Web Admin Auth Bypass Vulnerability
Exploit for hardware platform in category web applications Title: Edimax PS-1206MF - Web Admin Auth Bypass Date: 30.08.15 Vendor: edimax.com Firmware version: 4.8.25 Author: Smash Contact: smash at devilteam.pl HTTP authorization is not being properly verified while sending POST requests to .cgi,...
Oracle Commerce Platform: a vulnerability exists in the Commerce Platform component
Oracle Commerce Platform is an e-business solutions platform from Oracle, a United States company. A security vulnerability exists in the Dynamo Application Framework - HTML Admin User Interface subcomponent of the Oracle Commerce Platform component of Oracle Commerce Platform. A remote...