[Full-disclosure] phpPgAdmin Multiple XSS Vulnerabilities

Synopsis: Multiple XSS Vulnerabilities Introduction: phpPgAdmin is a web-based administration tool for PostgreSQL. Details: phpPgAdmin doesn't correctly sanitize data in $SERVER array and most of the scripts make direct use of PHPSELF. PoC:...

GForge CVSWeb CGI cvsweb.php PATH_INFO Parameter Arbitrary Command Execution

The remote host is running GForge, a web-based project for collaborative software development. The version of GForge installed on the remote host fails to sanitize user-supplied input to the 'plugins/scmcvs/cvsweb.php' script before using it to execute a shell command. An unauthenticated attacker...

Vulnerability in InterVations' MailCopa

While developing one of our advanced security training movies, we identified an exploitable vulnerability in the latest release of InterVetions' MailCopa. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code in the context of the user executing MailCopa. In a...

Nortel VPN路由器多个远程非授权访问漏洞

Nortel VPN路由器为IP网络和因特网上的安全连接提供路由、VPN、防火墙、带宽管理、加密、认证和数据完整性功能。 Nortel VPN路由器上配置了两个默认的用户帐号（FIPSecryptedtest1219和FIPSunecryptedtest1219），这些用户帐号存储在了路由器各种隧道类型的默认LDAP，允许攻击者获得对专用网络的非授权访问。 Nortel VPN路由器使用基于Web的设备管理界面。大多数功能仅在管理员授权后才能使用，但通过精心创建的URL攻击者可以未经授权访问一些管理Web页面，控制某些配置设备。 此外Nortel...

TestDirector (TD) for Mercury Quality Center SPIDERLib.Loader ActiveX Control (Spider90.ocx) ProgColor Property Overflow (2)

The remote host is running Mercury Quality Center, a web-based solution for automatic software testing. The version of Quality Center installed on the remote host hosts an ActiveX control affected by a buffer overflow vulnerability and will serve up a copy of that control if a connecting client...

[ECHO_ADV_80$2007] Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vulnerability

----------------------------------------------------------------------------------------- ECHOADV80$2007 Softerra Time-Assistant = 6.2 incdir Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran Addahroni...

Softerra Time-Assistant 6.2 - inc_dir Remote File Inclusion

Softerra Time-Assistant 6.2 - incdir Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV80$2007 ----------------------------------------------------------------------------------------- ECHOADV80$2007 Softerra Time-Assistant = 6.2 incdir...

Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vuln

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV80$2007 ----------------------------------------------------------------------------------------- ECHOADV80$2007 Softerra Time-Assistant = 6.2 incdir Remote File Inclusion...

Softerra Time-Assistant 6.2 - 'inc_dir' Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV80$2007 ----------------------------------------------------------------------------------------- ECHOADV80$2007 Softerra Time-Assistant = 6.2 incdir Remote File Inclusion Vulnerability...

ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user

"ManageEngine Firewall Analyzer is a web based firewall monitoring and log analysis tool that collects, analyses, and reports information on enterprise-wide firewalls, proxy servers, and radius servers. " a authorized user to the "firewall analyzer" can access any common file on the system, it is...

iDefense Security Advisory 03.15.07: Horde Project Cleanup Script Arbitrary File Deletion Vulnerability

Horde Project Cleanup Script Arbitrary File Deletion Vulnerability iDefense Security Advisory 03.15.07 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 15, 2007 I. BACKGROUND The Horde Project provides a PHP-based framework, as well as applications for web-based group collaboration. IMP...

NetMail WebAdmin username buffer overflow

Added: 03/16/2007 CVE: CVE-2007-1350 BID: 22857 OSVDB: 33886 Background Novell NetMail WebAdmin is a web-based administration interface which runs an HTTP server on port 89/TCP. Problem A buffer overflow vulnerability in Novell NetMail WebAdmin allows remote attackers to execute arbitrary command...

getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities

getID3, a web-based tool for extracting information from MP3 files, is installed on the remote web server. The installation of getID3 includes a set of demo scripts that allow an unauthenticated, remote attacker to read and delete arbitrary files, write files with some restrictions, and execute...

Trend Micro OfficeScan client ActiveX control buffer overflow

Added: 02/21/2007 CVE: CVE-2007-0325 BID: 22585 OSVDB: 33040 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem The OfficeScan Web-Deployment SetupINICtrl ActiveX control, which is vulnerable to buffer overflows in multiple methods, is...

Trend Micro OfficeScan client ActiveX control buffer overflow

Added: 02/21/2007 CVE: CVE-2007-0325 BID: 22585 OSVDB: 33040 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem The OfficeScan Web-Deployment SetupINICtrl ActiveX control, which is vulnerable to buffer overflows in multiple methods, is...

Microsoft Security Advisory &#40;933052&#41; Vulnerability in Microsoft Word Could Allow Remote Code Executio

Microsoft Security Advisory 933052 Vulnerability in Microsoft Word Could Allow Remote Code Execution Published: February 14, 2007 Microsoft is investigating new public reports of very limited, targeted attacks against Microsoft Word “zero-day” using a vulnerability in Microsoft Office 2000 and...

Aruba Mobility Controller vulnerable to privilege escalation

Overview The Aruba Mobility Controller Management Interface contains a privilege escalation vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in...

Microsoft Security Advisory &#40;932114&#41; Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution

Microsoft Security Advisory 932114 Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution Published: January 26, 2007 Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried ou...

Cacti: Command execution and SQL injection

Background Cacti is a web-based network graphing and reporting tool. Description rgod discovered that the Cacti cmd.php and copycactiuser.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows SQL injection via cmd.php an...

AShop Shopping Cart Multiple XSS Vulnerabilities

Ashop Commerce provides a turn-key ecommerce solution with it's revolutionary online store building software. One of the worlds most easy to use web based administrations with award winning features allows the merchant to set up an online store capable of competing with the webs most powerful...