644 matches found
McAfee Email Gateway 6.7.1 - systemWebAdminConfig.do Remote Security Bypass
McAfee Email Gateway 6.7.1 - systemWebAdminConfig.do Remote Security Bypass source: https://www.securityfocus.com/bid/40255/info McAfee Email Gateway is prone to a security-bypass vulnerability because the web-based interface fails to properly perform user-profile checks. Attackers can exploit th...
McAfee Email Gateway 6.7.1 - 'systemWebAdminConfig.do' Remote Security Bypass
source: https://www.securityfocus.com/bid/40255/info McAfee Email Gateway is prone to a security-bypass vulnerability because the web-based interface fails to properly perform user-profile checks. Attackers can exploit this issue to bypass certain security restrictions to edit property and...
JVN#02331156 HP System Management Homepage vulnerable to cross-site scripting
HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. SMH contains a cross-site scripting vulnerability. This vulnerability is different from JVN19240523. Impact: An arbitrary script may be executed on the user's web browser. Solution: Apply the...
Afian Document Manager Local File Inclusion
Afian is an application that can add, in just minutes, powerful document management capabilities to any Web server. It provides a Web-based interface for documents residing on the Web server's file system. This software has a security hole that allows attackers to download any files if they know the path...
Afian Local File Inclusion
Afian is an application that can add, in just minutes, powerful document management capabilities to any Web server. It provides a Web-based interface for documents residing on the Web server's file system. This software has a security hole that allows attackers to download any files if they know the path...
JVN#28344798 Cisco IOS cross-site scripting vulnerability
Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Apply the latest firmware provided by...
JVN#70599814 I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability
The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. Configuration of these devices is done through a web-based interface. This web interface is vulnerable to cross-site request forgery. Impact: If a user views a malicious web page while logged into th...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpnam...
CVE-2008-5043
CVE-2008-5043 involves multiple cross-site scripting (XSS) flaws in the web-based interface of IBM Metrica Service Assurance Framework. The vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via three parameters: elementid in generatedreportresults (ReportTree...
Metrica Service Assurance Multiple Cross Site Scripting
Metrica Service Assurance Multiple Cross Site Scripting Author: Francesco Bianchino Email: [email protected] Title: Metrica Service Assurance Multiple Cross Site Scripting Vendor: IBM Summary Metrica Service Assurance Framework implements a distributed, object-oriented, J2EE-based architectur...
metrica-xss.txt
Metrica Service Assurance Multiple Cross Site Scripting Author: Francesco Bianchino Email: [email protected] Title: Metrica Service Assurance Multiple Cross Site Scripting Vendor: IBM Summary Metrica Service Assurance Framework implements a distributed, object-oriented, J2EE-based architectur...
[Full-disclosure] Ho Ho H0-Day - ZyXEL P-330W multiple XSS and XSRF vulnerabilities
ZyXEL P-330W “Secure Wireless Internet Sharing Router” is vulnerable to multiple XSS and XSRF attacks. There are a plethora of XSS vulns in the web-based management interface so I'll leave it to you to discover these gifts on your own. Here is a starting point:...
ZYXEL P-330W - Multiple Vulnerabilities
ZYXEL P-330W - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/27024/info ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize...
JVN#19240523 HP System Management Homepage cross-site scripting vulnerability
HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting...
Aruba Mobility Controller vulnerable to privilege escalation
Overview: The Aruba Mobility Controller Management Interface contains a privilege escalation vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description: The Aruba Mobility Controllers are used to process and control network traffic in...
Update Protection against Indexing Service Cross-Site Scripting Vulnerability (MS06-053)
A cross-site scripting (XSS) vulnerability exists in Microsoft Windows Indexing Service. Indexing Service is a feature that supports rapid searching of file contents and properties by extracting information from files and storing it in indexes organized for fast searching. A remote attacker can...
Microsoft Indexing Service - Query Validation Cross-Site Scripting
Microsoft Indexing Service - Query Validation Cross-Site Scripting source: https://www.securityfocus.com/bid/19927/info Microsoft Indexing Service is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input before it is rendered to other...
[Full-disclosure] Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list
Advisory: Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list Release Date: 2006-08-30 Application: Lyris ListManager 8.95 Risk: Depends upon your use and business context Vendor site: http://www.lyris.com/ Overview of Product: "Lyris ListManager is the world's most popular...
Ipswitch WhatsUp Professional 2006 - Authentication Bypass
Ipswitch WhatsUp Professional 2006 - Authentication Bypass source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based...
Ipswitch WhatsUp Professional 2006 - Authentication Bypass
source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them...