51 matches found
Design/Logic Flaw
A vulnerability in the web-based user interface web UI of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the...
Foscam IP Video Camera CGIProxy.fcgi DNS2 Address Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...
Open Source Intelligence Automation: Spiderfoot
Open Source Intelligence Automation SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more...
CVE-2016-7040
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...
CVE-2016-7040
CVE-2016-7040 affects Red Hat CloudForms Management Engine (CFME) 4.1. A input-validation flaw in how CFME handles regular expressions passed to the expression engine via the JSON API and the web UI allows remote authenticated users to execute arbitrary shell commands by viewing/filtering collect...
Important: Red Hat Security Advisory: CFME 4.1 bug fixes and enhancement update
Updated cfme packages that fix bugs and add various enhancements are now available for Red Hat CloudForms 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
SpiderFoot v2.6.1 - Open Source Intelligence Automation
SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target. Purpose There are three main areas where SpiderFoot can be useful: 1. If you are a pen-tester, SpiderFoot will automate the reconnaisance stage of the tes...
Innovaphone PBX Admin-GUI - Cross-Site Request Forgery
Innovaphone PBX Admin-GUI - Cross-Site Request Forgery Title: Innovaphone PBX Admin-GUI CSRF Impact: High CVSS2 Score: 7.8 AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C Announced: August 21, 2014 Reporter: Rainer Giedat NSIDE ATTACK LOGIC GmbH, www.nsideattacklogic.de Products: Innovaphone PBX...
Adaudit Plus Online Demo CSRF / Poor Password Passing
================================================================================================================================================= ADAUDIT PLUS ON-LINE DEMO TomCat Directory Listing / CSRF / Password field Submited using GET Method / OPTIONS Method...
PHP Server Monitor Stored XSS Vulnerability
Exploit for php platform in category web applications Author: loneferret Product: PHP Server Monitor Version: 2.0.1 and maybe older versions Google Dork: intext="Powered by PHP Server Monitor v2.0.1" yes people have made this available on the web Software Download:...
Apache Wicket 'pageMapName'参数跨站脚本执行漏洞
BUGTRAQ ID: 52680 CVE ID: CVE-2012-0047 Wicket 提供了一种面向对象的方式来开发基于 Web 的动态 UI 应用程序。 Apache Wicket在操作‘wicket:pageMapName’请求参数值时可能存在XSS攻击,可被利用执行任意脚本代码。 0 Apache Group Wicket 1.4.18 Apache Group Wicket 1.4.17 Apache Group Wicket 1.4.16 Apache Group Wicket 1.4.15 厂商补丁: Apache Group ------------...