7575 matches found
Google Apps googleapps.url.mailto URI Argument Injection
Google Apps is a set of web-based tools hosted by Google under the software-as-a-service model. It features several Web applications with similar functionality to popular office suites, including: Gmail, Google Calendar, Google Chrome, Talk, Docs and Sites. When using Google Apps, the data and...
[SECURITY] Fedora 11 Update: zabbix-1.6.8-1.fc11
ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...
[SECURITY] Fedora 12 Update: zabbix-1.6.8-1.fc12
ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...
HP Power Manager formExportDataLogs buffer overflow
Added: 01/22/2010 CVE: CVE-2009-3999 BID: 37867 OSVDB: 61848 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A buffer overflow vulnerability in HP Power Manager allows remote attackers to execute...
LetoDMS Local File Inclusion / Cross Site Request Forgery
SEC Consult Security Advisory ======================================================================== title: Local file inclusion/execution and multiple Cross-Site-Request-Forgery vulnerabilities in LetoDMS formerly MyDMS products: LetoDMS formerly MyDMS vulnerable version: LetoDMS formerly MyDM...
phpLDAPadmin < 1.2 Local File Inclusion
Binary data 5291.prm...
WingFTP 3.2.4 Cross Site Request Forgery
Application: WingFTP Server 3.2.4 maybe earlier versions too Link: http://www.wftpserver.com/ Vulnerability: CSRF Author: Ams Contact: mail: ax330d at gmail dot com site: http://www.0x416d73.name/ 1. About software "Wing FTP server is not only a FTP server. It's a multi-protocol file serverFTP,...
WingFTP Server v3.2.4 CSRF Vulnerability
Exploit for unknown platform in category web applications ======================================== WingFTP Server v3.2.4 CSRF Vulnerability ======================================== Application: WingFTP Server 3.2.4 maybe earlier versions too Link: http://www.wftpserver.com/ Vulnerability: CSRF...
Wing FTP Server 3.2.4 - Cross-Site Request Forgery
Wing FTP Server 3.2.4 - Cross-Site Request Forgery Application: WingFTP Server 3.2.4 maybe earlier versions too Link: http://www.wftpserver.com/ Vulnerability: CSRF Author: Ams Contact: mail: ax330d at gmail dot com site: http://www.0x416d73.name/ 1. About software "Wing FTP server is not only a...
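PHP-Calendar configfile Variable Remote File Inclusion Vulnerability
CVE(CAN) ID: CVE-2009-3702 PHP-Calendar is a web-based calendar and scheduling system. PHP-Calendar contains multiple absolute path traversal vulnerabilities: a remote attacker can cause arbitrary local files to be included and executed via a full path name in the configfile parameter submitted to update08.php or update10.ph. The following is the vulnerable code segment: elseif (!empty($_GET['configfile'])) if (file_exists($_GET['configfile'])) require_once($_GET['configfile']); PHP-Calendar 1.1 Temporary workaround:...
Trac Text-Format Report Information Disclosure Vulnerability
CVE(CAN) ID: CVE-2009-4405 Trac is a web-based issue tracking system written in Python. When generating comma-separated or tab-separated text-format reports, Trac does not correctly enforce certain policies, so users can access sensitive information from tickets without the necessary permissions. Edgewall Software Trac 0.11.6 Vendor patch: Edgewall Software ----------------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE...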
[SECURITY] Fedora 11 Update: phpldapadmin-1.2.0.4-1.fc11
PhpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server. Its hierarchical tree-viewer and advanced search functionality make it intuitive to browse and administer your LDAP directory. Since it is a web application, this...
phpLDAPadmin Detection
The remote host is running phpLDAPadmin, an open source web-based LDAP client written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(43401); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");...
SQL-Ledger 'admin.pl' Empty Credentials
The remote web server is hosting SQL-Ledger, a web-based double-entry accounting system. The installed version does not require credentials to access the administrator interface. Note that the installed version is potentially affected by several other vulnerabilities, though Nessus has not tested...
[ISecAuditors Security Advisories] QuiXplorer <=2.4.1beta Remote Code Execution vulnerability
============================================= INTERNET SECURITY AUDITORS ALERT 2009-003 - Original release date: March 2nd, 2009 - Last revised: December 17th, 2009 - Discovered by: Juan Galiana Lara - Severity: 9/10 CVSS scored ============================================= I. VULNERABILITY...
Active! mail 2003 cross-site scripting vulnerability
Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...
phpShop Detection
The remote host is running phpShop, a web-based shopping cart application written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(43157); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01"); script_name(english:"phpShop...
phpldapadmin Local File Inclusion
Exploit for unknown platform in category web applications ================================= phpldapadmin Local File Inclusion ================================= PHPLDAPADMIN LOCAL FILE INCLUSION author : ipsecs website : http://ipsecs.com Date : December, 10th, 2009 -i- Description "Phpldapadmin i...
JVN#49083120 Active! mail 2003 cross-site scripting vulnerability
Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...