174 matches found
Loxone Smart Home Cross-Site Request Forgery Vulnerability
Loxone Smart Home is a WEB-based application. Loxone Smart Home suffers from a cross-site request forgery vulnerability that allows attackers to steal cookie-based authentication credentials and perform unauthorized operations...
Adobe ColdFusion Unspecified DoS (APSB14-29) (credentialed check)
The version of Adobe ColdFusion running on the remote Windows host is affected by an unspecified denial of service vulnerability due to a resource consumption issue. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid79859; scriptversion"1.8"; scriptcvsdate"Date:...
Netflix Open Source Security Tools Solve Range of Challenges
Few organizations experience the scale of Web-based application security challenges that Netflix engineers deal with on a regular basis. Sometimes the response to a threat requires a homespun tool that, more often than not, ends up being released to open source. “Our assumption is that we...
All Enthusiast PhotoPost PHP Pro 5.0 adm-photo.php Arbitrary Image Manipulation
No description provided by source. source: http://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPo...
ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - XSS
No description provided by source. |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | |...
interactive story 1.3 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3028/info Interactive Story is a web-based application written in Perl and is distributed as freeware. Interactive Story does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote...
MobFox mAdserve SQL注入漏洞
Bugtraq ID:66661 MobFox mAdserve是一款基于WEB的广告服务应用。 MobFox mAdserve存在一个SQL注入漏洞,允许远程攻击者利用漏洞提交特制的SQL查询,操作或获取数据库数据。 0 MobFox mAdserve 2.0 目前没有详细解决方案: http://www.madserve.org/...
Patched Microsoft Office 365 XSS Vulnerability Disclosed
A researcher in the UK disclosed the details of a serious cross-site scripting vulnerability in Office 365 that would allow an attacker with a mailbox on Office 365 to gain administrator rights over the Microsoft Web-based application in an organization. An exploit in an enterprise environment...
elproLOG MONITOR Webaccess 2.1 - Multiple Vulnerabilities
Title: ====== elproLOG MONITOR WebAccess 2.1 - Multiple Vulnerabilities Date: ===== 2013-09-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1086 VL-ID: ===== 1086 Common Vulnerability Scoring System: ==================================== 6.7 Introduction: ============...
PBBoard - Authentication Bypass
PBBoard - Authentication Bypass source: https://www.securityfocus.com/bid/54862/info PBBoard is a web-based messaging board application implemented in PHP. Attackers may exploit these issues to gain unauthorized access to user accounts or to bypass intended security restrictions. Other attacks ma...
Cisco Unified MeetingPlace SQL Injection Vulnerability
Cisco Unified MeetingPlace contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary SQL code on a targeted system. The vulnerability is due to improper validation of user-supplied input to the web-based application interface. An authenticated, remote attack...
Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injection Vulnerabilities
Binary data 6398.prm...
Support Incident Tracker multiple vulnerabilities
Overview Support Incident Tracker or SiT! version 3.65, and possibly earlier versions, contain multiple vulnerabilities including; malicious file uploads, SQL injection, cross-site scripting, and cross-site request forgery. Description According to the SiT! website:"Support Incident Tracker or Si...
XSS Vulnerability in Tracks 1.7.2
Information -------------------- Name : XSS vulnerability in Tracks Software : Tracks 1.7.2. Vendor Hompeage : http://getontracks.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity dot com Advisory Reference : NS-11-003 Description...
Tracks 1.7.2 Cross Site Scripting
Information -------------------- Name : XSS vulnerability in Tracks Software : Tracks 1.7.2. Vendor Hompeage : http://getontracks.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur Advisory Reference : NS-11-003 Description ------------------ Tracks is a...
HP Power Manager Administration Web Server Stack Buffer Overflow (CVE-2010-4113)
HP Power Manager is a web-based application for managing a HP Uninterruptible Power System UPS. The web management console allows users to monitor, manage, and control a single UPS locally and remotely. A buffer overflow vulnerability exists within HP Power Manager. The vulnerability is due to a...
HP Power Manager formLogin buffer overflow
Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...
HP Power Manager formLogin buffer overflow
Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...
HP Power Manager formLogin buffer overflow
Added: 12/28/2010 CVE: CVE-2010-4113 OSVDB: 69969 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in the Administration interface allows remote attackers to...
HP Systems Insight Manager Detection
HP Systems Insight Manager, a web-based application for managing remote systems, is installed on the remote host. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid50541; scriptversion"1.7"; scriptsetattributeattribute:"pluginmodificationdate", value:"2021/03/22";...