22 matches found
EUVD-2008-3762
Malware in sbrugna...
CVE-2023-32315 Openfire administration console authentication bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
Password exposure in H2 Database
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...
Default credentials
DISPUTED The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access...
Cisco Firepower Management Center Software XSS (cisco-sa-fmc-xss-6VqH4rpZ)
According to its self-reported version, Cisco Firepower Management Center is affected by multiple cross-site scripting (XSS) vulnerabilities in its web-based admin interface due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can explo...
CMS Made Simple 2.2.10 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. MGC ALERT 2019-002 - Original release date: April 10, 2019 - Last revised: May 22, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - CVE-ID: CVE-2019-11226...
Freelancer Script 4.0.1 SQL Injection
Title: FREELANCER SCRIPT v4.0.1 - Authentication Bypass & SQL injection Credit: Bilal KARDADOU Vendor: http://www.2daybiz.com Vendor URL: http://2daybiz.com/content/products/products/job-site-script/119-freelancer-script.php Product: FREELANCER SCRIPT v4.0.1 Google Dork: N/A Product & Service...
Fujitsu Web-Based Admin View 2.1.2 - Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30780/info Fujitsu Web-Based Admin View is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server...
Netwin SurgeFTP - Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Netwin SurgeFTP...
NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)
require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer McIntyre', , 'License' = MSFLICENSE, 'References' = , 'Arch' =...
Novell GroupWise Internet Agent 8.x <= 8.0.2 HP3 / 12.x < 12.0.1 Multiple Vulnerabilities
The version of Novell GroupWise Internet Agent running on the remote host is 8.x less than or equal to 8.0.2 HP3, or 12.x earlier than 12.0.1. As such, it is potentially affected by multiple vulnerabilities: - A heap-based buffer overflow vulnerability exists when parsing requests to the web-bas...
RuggedCom RuggedOS Web-Based Admin Interface Default Credentials
Binary data scadaruggedosdefaultaccountshttp.nbin...
Cobbler Admin Interface Detection
A web-based administration interface for Cobbler, a Linux installation server, was detected on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(59400); script_version("1.3"); script_cvs_date("Date: 2019/11/25"); script_name(english:"Cobbler Admin Interface...
CVE-2012-2439
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors...
KMSoft GB - SQL Injection
KMSoft GB SQL Injection Vulnerability. Name: KMSoft GB SQL Injection Vulnerability Date: July 9, 2010 Critical Level: VERY HIGH Vendor URL: http://www.kmsoft.org Author...
KMSoft GB SQL Injection Vulnerability
Exploit for asp platform in category web applications. KMSoft GB SQL Injection Vulnerability...
Directory traversal
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI...
CVE-2008-3776
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI...
CVE-2008-3776
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI...
fujitsu-traverse.txt
Fujitsu Web-Based Admin View Directory Traversal Vulnerability. Version: 2.1.2 on Solaris, other versions may be vulnerable. Vulnerability: Directory Traversal. Risk: Critical. Description: Due to insufficient control of user inputs, Fujitsu Web-based admin view reveals content of files residing in...