
7575 matches found

exploitpack
added 2009/05/08 12:0 a.m. | 21 views

Realty Web-Base 1.0 - Authentication Bypass

Realty Web-Base 1.0 - Authentication Bypass. Realty Web-Base v1.0 Auth bypass SQL Injection Vulnerability ...

1 AI score
Exploits: 0

seebug.org
added 2009/04/28 12:0 a.m. | 26 views

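NotFTP config.php Local File Inclusion Vulnerability

BUGTRAQ ID: 34636 CVECAN ID: CVE-2009-1407 NotFTP is a web-based HTTP-FTP gateway written in PHP. NotFTP's config.php script does not properly filter user-supplied parameters; if a remote attacker uses the newlang parameter in a submitted URL request to specify a malicious file on the local system, sensitive information may be read or arbitrary code executed on the web server. The following is the vulnerable code segment in the config.php script: if isset$newlang requireonce"lib/lang/".$languages$newlang"file"; elseif...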

6.8 CVSS | 6.4 AI score | 0.01885 EPSS
Exploits: 2

OpenVAS
added 2009/04/24 12:0 a.m. | 17 views

NotFTP Detection

This host is running NotFTP, a Web-based HTTP-FTP gateway written in PHP. OpenVAS Vulnerability Test $Id: notftpdetect.nasl 5737 2017-03-27 14:18:12Z cfi $ NotFTP Detection Authors: Michael Meyer Copyright: Copyright (c) 2009 Greenbone Networks GmbH This program is free software; you can redistribu...

7.3 AI score
Exploits: 0 | References: 1

OpenVAS
added 2009/04/24 12:0 a.m. | 11 views

NotFTP Detection

This host is running NotFTP, a Web-based HTTP-FTP gateway written in PHP. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3 AI score
Exploits: 0 | References: 1

OpenVAS
added 2009/04/16 12:0 a.m. | 13 views

WebFileExplorer Detection

This host is running WebFileExplorer, a web based file management system. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3 AI score
Exploits: 0 | References: 1

OpenVAS
added 2009/04/12 12:0 a.m. | 13 views

net2ftp Detection

This host is running net2ftp, a web based FTP client. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3 AI score
Exploits: 0 | References: 1

seebug.org
added 2009/04/11 12:0 a.m. | 35 views

net2ftp validateGeneriInput() Function Cross-Site Scripting Vulnerability

BUGTRAQ ID: 34440 net2ftp is a web-based FTP client. A typo in net2ftp's validateGeneriInput function causes the regular expressions responsible for catching the "" and "" characters to fail: +++includes/registerglobals.inc.php @@ 1088:1102 1088 function validateGenericInput$input 1089 1090 // -------------- 1091 // Remove the following characters 1092 // -------------- 1093 1094 // Remo...

6.2 AI score
Exploits: 0

seebug.org
added 2009/04/10 12:0 a.m. | 12 views

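Novell NetIdentity Agent XTIERRPCPIPE Remote Code Execution Vulnerability

BUGTRAQ ID: 34400 The NetIdentity Agent is a tool used in Novell Client to provide authentication for web-based applications on the Windows platform. The xtagent.exe service of the NetIdentity Agent does not properly filter RPC requests sent over the XTIERRPCPIPE named pipe; a remote attacker can submit a malicious RPC message that references an arbitrary pointer, resulting in arbitrary code execution with the privileges of the current user. Novell NetIdentity Agent 1.2.3 Novell ------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...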

6.9 AI score
Exploits: 0

Tenable Nessus
added 2009/04/07 12:0 a.m. | 43 views

Jinzora name Parameter Local File Inclusion

The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The version of Jinzora installed on the remote host fails to filter user-supplied input to the 'name' variable in the 'index.php' script when 'op' is set before using it to include PHP code...

7.5 CVSS | 6.2 AI score | 0.02392 EPSS
Exploits: 0 | References: 1

Prion
added 2009/04/06 2:30 p.m. | 21 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that...

6.8 CVSS | 7.7 AI score | 0.00936 EPSS
Exploits: 1 | References: 4 | Affected Software: 4

Tenable Nessus
added 2009/04/06 12:0 a.m. | 26 views

Debian DSA-1761-1 : moodle - missing input sanitization

Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn't affect installations that only use the...

4.3 CVSS | 5.6 AI score | 0.06237 EPSS
Exploits: 1 | References: 3

OSV
added 2009/04/03 12:0 a.m. | 29 views

DSA-1761-1 moodle - file disclosure

Bulletin has no description...

4.3 CVSS | 6.6 AI score | 0.06237 EPSS
Exploits: 1

seebug.org
added 2009/04/02 12:0 a.m. | 39 views

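Bugzilla attachment.cgi Cross-Site Request Forgery Vulnerability

BUGTRAQ ID: 34308 CVECAN ID: CVE-2009-1213 Bugzilla is a web-based bug tracking system used by many software projects. Bugzilla allows users to perform certain actions via HTTP requests but does not validate those requests. If a logged-in user is tricked into visiting a malicious web page, an attachment may be submitted through attachment.cgi. Mozilla Bugzilla 3.3.3 Mozilla Bugzilla 3.2.2 Mozilla ------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.mozilla.org/...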

6.8 CVSS | 6.4 AI score | 0.00691 EPSS
Exploits: 1

ThreatPost
added 2009/03/31 1:13 p.m. | 10 views

Malicious web sites jump 200 percent

By Vivian Yeo, ZDNet Asia. The threat from Web-based malware is growing at a rapid pace, with nearly 200 percent more malicious sites (zdnet.com) identified this month, according to a new report from MessageLabs. Released Tuesday, the MessageLabs Intelligence Report revealed that 2,797 new Web site...

1.3 AI score
Exploits: 0 | References: 6

OpenVAS
added 2009/03/30 12:0 a.m. | 26 views

CVSTrac Detection

This host is running CVSTrac, a Web-Based Bug And Patch-Set Tracking System For CVS, Subversion and GIT. OpenVAS Vulnerability Test $Id: cvstracdetect.nasl 5721 2017-03-24 14:42:01Z cfi $ cvstrac Detection Authors: Michael Meyer Copyright: Copyright (c) 2009 Greenbone Networks GmbH This program is...

0.4 AI score
Exploits: 0 | References: 1

OpenVAS
added 2009/03/30 12:0 a.m. | 16 views

CVSTrac Detection

This host is running CVSTrac, a Web-Based Bug And Patch-Set Tracking System For CVS, Subversion and GIT. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

7 AI score
Exploits: 0 | References: 1

OpenVAS
added 2009/03/30 12:0 a.m. | 13 views

phpGroupWare Detection

This host is running phpGroupWare, a web based messaging, collaboration and enterprise management platform. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

7.3 AI score
Exploits: 0 | References: 1

securityvulns
added 2009/03/28 12:0 a.m. | 62 views

Moodle: Sensitive File Disclosure

Moodle File Disclosure Vulnerability Systems Affected Moodle series 1.6.9+, 1.7.7+, 1.8.9, 1.9.5 Severity Critical Probability of being vulnerable Rather Low Vendor http://moodle.org/ Filed Bug MDL-18552 Author Christian J. Eibl Date 20090327 I. BACKGROUND Moodle is an open source webbased learni...

7.4 AI score
Exploits: 0

Fedora
added 2009/03/25 4:6 p.m. | 15 views

[SECURITY] Fedora 10 Update: phpMyAdmin-3.1.3.1-1.fc10

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...

1.7 AI score
Exploits: 0

Fedora
added 2009/03/25 4:3 p.m. | 14 views

[SECURITY] Fedora 9 Update: phpMyAdmin-3.1.3.1-1.fc9

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...

1.7 AI score
Exploits: 0