7575 matches found

Packet Storm
added 2007/09/09 12:0 a.m. | 26 views

netjuke-sqlxss.txt

The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all the MP3, Ogg Vorbis and other format files that constitute your digital music collection. Supports images, language packs, multi-level security, random playlists, etc http://sourceforge.net/projects/netjuke...

7.4 AI score
Exploits 0
seebug.org
added 2007/09/06 12:0 a.m. | 39 views

AnyInventory <= 1.9.1 (environment.php) Remote File Inclusion Vuln

No description provided by source. AnyInventory = 1.9.1 Remote file inclusion Download script : http://physics.ramapo.edu/downloads/anyInventory-1.9.1.tar.gz Exploit : http://victime.com/anyInventorypath/environment.php?DIRPREFIX= shell.txt? Dork : anyInventory, the most flexible and powerful...

7.1 AI score
Exploits 0
Packet Storm
added 2007/09/06 12:0 a.m. | 37 views

anyinventory-rfi.txt

AnyInventory = 1.9.1 Remote file inclusion Download script : http://physics.ramapo.edu/downloads/anyInventory-1.9.1.tar.gz Exploit : http://victime.com/anyInventorypath/environment.php?DIRPREFIX= shell.txt? Dork : anyInventory, the most flexible and powerful web-based inventory system Discovered ...

7.4 AI score
Exploits 0
seebug.org
added 2007/08/24 12:0 a.m. | 34 views

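Bugzilla Multiple Remote Security Vulnerabilities

BUGTRAQ ID: 25420 Bugzilla is a web-based bug tracking system used by many software projects. Bugzilla's implementation contains multiple remote security vulnerabilities that a remote attacker could exploit to execute malicious commands on the server or cause information disclosure. When a bug is filed, Bugzilla does not correctly escape the buildid field in the guided form, which may allow a user to carry out a cross-site scripting attack by submitting a malicious URL to enterbug.cgi that overrides the User-Agent string...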

6.9 AI score
Exploits 0
Tenable Nessus
added 2007/08/16 12:0 a.m. | 19 views

Help Center Live class/auth.php check_logout Function Admin Authentication Bypass

The remote host is running Help Center Live, an open source, web-based help desk application written in PHP. The version of Help Center Live installed on the remote host has several administrative scripts that fail to exit if called without valid credentials. An unauthenticated attacker may be ab...

7.5 CVSS | 5.6 AI score | 0.01359 EPSS
Exploits 0 | References 1
NVD
added 2007/07/26 1:30 a.m. | 21 views

CVE-2007-4017

Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators...

7.6 CVSS | 6.9 AI score | 0.02493 EPSS
Exploits 0 | References 8
Cvelist
added 2007/07/26 1:0 a.m. | 22 views

CVE-2007-4017

Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators...

6.9 AI score | 0.02493 EPSS
Exploits 0 | References 8
Tenable Nessus
added 2007/07/24 12:0 a.m. | 54 views

CVS (Web-Based) Directory Spider

The CVS directory contains the standard CVS file 'Entries'. Using this file, part of the contents of the document root of the web server can be obtained. This allows an attacker to search for sensitive information located in the document root of the web server. %NASLMINLEVEL 70300 CVS directory...

5.5 AI score
Exploits 0
Fedora
added 2007/07/11 3:22 p.m. | 14 views

[SECURITY] Fedora 7 Update: phpPgAdmin-4.1.3-1.fc7

phpPgAdmin is a fully functional web-based administration utility for a PostgreSQL database server. It handles all the basic functionality as well as some advanced features such as triggers, views and functions (stored procedures). It also has Slony-I support...

2.4 AI score
Exploits 0
securityvulns
added 2007/07/04 12:0 a.m. | 86 views

Cross Site Scripting in Oliver Library Management System

BACKGROUND ========== "Oliver is the web-based Library Management System for Schools. Softlink has built on the understanding of thousands of school clients, over many years, and has designed a new system for school libraries and learning resource centres in the 21st century" -- from...

7.2 AI score
Exploits 0
Prion
added 2007/06/30 1:30 a.m. | 19 views

Design/Logic Flaw

Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories...

7.5 CVSS | 7 AI score | 0.01661 EPSS
Exploits 0 | References 7 | Affected Software 1
NVD
added 2007/06/30 1:30 a.m. | 22 views

CVE-2007-3502

Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories...

7.5 CVSS | 6.5 AI score | 0.01661 EPSS
Exploits 0 | References 7
CVE
added 2007/06/30 1:0 a.m. | 60 views

CVE-2007-3502

CVE-2007-3502 affects Kaspersky Anti-Spam before 3.0 MP1. The vulnerability is in the web-based product configuration system, allowing remote attackers to obtain access to certain directories (information disclosure). The NVD entry cites network access with low attack complexity and no authentica...

7.5 CVSS | 6.5 AI score | 0.01661 EPSS
Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2007/06/30 1:0 a.m. | 25 views

CVE-2007-3502

Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories...

6.5 AI score | 0.01661 EPSS
Exploits 0 | References 7
Fedora
added 2007/06/16 1:23 p.m. | 26 views

[SECURITY] Fedora 7 Update: phpPgAdmin-4.1.2-1.fc7

phpPgAdmin is a fully functional web-based administration utility for a PostgreSQL database server. It handles all the basic functionality as well as some advanced features such as triggers, views and functions (stored procedures). It also has Slony-I support...

9.3 CVSS | 2.4 AI score | 0.06065 EPSS
Exploits 0
securityvulns
added 2007/06/11 12:0 a.m. | 41 views

WmsCMS <= 2.0 Multiple XSS Vulnerabilities

Application: WmsCMS Vendors Url: http://www.web-master.biz Bug Type: Multiple URL Handling Remote Cross-Site Scripting Vulnerabilities Exploitation: Remote Severity: Less Critical Solution Status: Unpatched Introduction: WmsCMS is a web-based CMS system Google Dork: "Powered by WMS-CMS" Affected...

0.5 AI score
Exploits 0
Tenable Nessus
added 2007/06/07 12:0 a.m. | 16 views

BASE Authentication Redirect Authentication Bypass

The remote host is running BASE, a web-based tool for analyzing alerts from one or more SNORT sensors. The version of BASE installed on the remote host allows a remote attacker to bypass authentication to various scripts. Note that successful exploitation of this issue requires that BASE be...

7.5 CVSS | 5.6 AI score | 0.01806 EPSS
Exploits 0 | References 4
seebug.org
added 2007/06/04 12:0 a.m. | 22 views

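IBM Web-based System Manager Unspecified Denial of Service Vulnerability

IBM AIX is a commercial operating system. An unspecified issue exists in the IBM AIX Web-based System Manager that a remote attacker can exploit to cause a denial of service against the application. No detailed vulnerability information is currently available. IBM AIX 5.3 IBM AIX 5.2 Patch download: IBM AIX 5.2 IBM websmifix.tar.Z ftp://aix.software.ibm.com/aix/efixes/security/websmifix.tar.Z IBM AIX 5.3 IBM websmifix.tar.Z...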

6.9 AI score
Exploits 0
Japan Vulnerability Notes
added 2007/06/01 12:0 a.m. | 15 views

JVN#19240523 HP System Management Homepage cross-site scripting vulnerability

HP System Management Homepage (SMH) from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting...

6.5 AI score
Exploits 0
Packet Storm
added 2007/05/31 12:0 a.m. | 24 views

phppgadmin-xss.txt

Synopsis: Multiple XSS Vulnerabilities Introduction: phpPgAdmin is a web-based administration tool for PostgreSQL. Details: phpPgAdmin...

7.4 AI score
Exploits 0