2173 matches found
Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities
source: https://www.securityfocus.com/bid/42322/info Nagios XI is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. Successful exploit requires that the 'nagiosadmin' be logged into the web interface. Attackers can explo...
Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities
Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities source: https://www.securityfocus.com/bid/42322/info Nagios XI is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. Successful exploit requires that the...
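InterScan Web Security Virtual Appliance Local Privilege Escalation and Arbitrary File Upload/Download Vulnerabilities
BUGTRAQ ID: 41072 InterScan Web Security Virtual Appliance is a web filtering product that can be installed on the VMware platform. InterScan Web Security Virtual Appliance does not properly filter the "exportname" parameter submitted to /servlet/com.trend.iwss.gui.servlet.exportreport or the pkgname parameter submitted to /servlet/com.trend.iwss.gui.servlet.ConfigBackup, so a remote attacker can download arbitrary files from the system through a directory traversal attack. InterScan W...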
C99Shell 1.0 Pre-Release build 16 (Web Shell) - 'ch99.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40134/info C99Shell is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...
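OSSIM repository_attachment.php Page Arbitrary File Upload Vulnerability
BUGTRAQ ID: 37377 OSSIM (Open Source Security Information Management) is a very popular and complete open-source security management system. The ossiminstall/repository/repositoryattachment.php script in OSSIM does not properly perform security checks, so users can upload files with arbitrary extensions to folders in the webroot. If a user uploads a PHP script containing a web shell, arbitrary PHP code can be executed. AlienVault OSSIM 2.2 AlienVault OSSIM 2.1.5 Vendor patch:...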
OSSIM v2.2 Multiple Vulnerabilities
Exploit for unknown platform in category web applications =================================== OSSIM v2.2 Multiple Vulnerabilities =================================== Advisory Name: Arbitrary File Download in OSSIM Vulnerability Class: Arbitrary File Download Release Date: 03-16-2010 Affected...
File Upload Manager 1.3 - Web Shell File Upload
File Upload Manager 1.3 - Web Shell File Upload Version: v1.3 ============================================================ www.sec-war.com ============================================================ 1- upload shell with: shell.php.jpg shell.php.gif shell.php.htm shell.htm shell.php.jpeg...
File Upload Manager 1.3 - Web Shell File Upload
Version: v1.3 ============================================================ www.sec-war.com ============================================================ 1- upload shell with: shell.php.jpg shell.php.gif shell.php.htm shell.htm shell.php.jpeg shell.php.bmp 2- Go to shell link : Example :...
OSSIM 2.1.5 File Upload
Advisory Name: Arbitrary File Upload in OSSIM Vulnerability Class: Arbitrary File Upload Release Date: 12-16-2009 Affected Applications: Confirmed in OSSIM 2.1.5. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity: High – CVSS: 9...
OSSIM v2.1.5 Arbitrary File Upload
No description provided by source. Advisory Name: Arbitrary File Upload in OSSIM Vulnerability Class: Arbitrary File Upload Release Date: 12-16-2009 Affected Applications: Confirmed in OSSIM 2.1.5. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity:...
OSSIM 2.1.5 - Arbitrary File Upload
Advisory Name: Arbitrary File Upload in OSSIM Vulnerability Class: Arbitrary File Upload Release Date: 12-16-2009 Affected Applications: Confirmed in OSSIM 2.1.5. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity: High – CVSS: 9...
Achievo 1.4.2 - Arbitrary File Upload
Affected Applications: Confirmed in Achievo 1.4.2. Other versions may also be affected. Severity: Medium – CVSS: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Vendor Status: New release available Achievo 1.4.3 Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerabilitypolicy.pdf...
Achievo 1.4.2 Arbitrary File Upload
No description provided by source. Affected Applications: Confirmed in Achievo 1.4.2. Other versions may also be affected. Severity: Medium – CVSS: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Vendor Status: New release available Achievo 1.4.3 Reference to Vulnerability Disclosure Policy:...
Achievo 1.4.2 Arbitrary File Upload
Exploit for unknown platform in category web applications =================================== Achievo 1.4.2 Arbitrary File Upload =================================== Affected Applications: Confirmed in Achievo 1.4.2. Other versions may also be affected. Severity: Medium – CVSS: 6.8...
Background get web shell collection-vulnerability warning-the black bar safety net
Today bring you are some of the technical summary, some of the old ask experience how come this is the experience we hope everyone can become a scripting master. Move online pass vulnerability, I believe we scored a lot of broiler chickens. Can say is move network make upfile. asp Upload file...
getwebshell for oracle-vulnerability warning-the black bar safety net
by elegant wind ping SQL create tablespace kjtest datafile 'e:\website\kj.asp' size 100k nologging ; This will create the Table space. It should be noted that the oracle of the Table, The smallest unit is 100K. The following began to build the table: SQL Create TABLE WEBSHELLC...
webshell431-xssxsrf.txt
======================================================================= http://www.lowsec.org ========================================================================...
klinks-sqlxss.txt
================================================================================ || K-Links Directory SQL-INJECTION, XSS ================================================================================ Application: K-Links Directory ------------ Website: http://turn-k.net/k-links -------- Version...
K-Links Directory (SQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. ================================================================================ || K-Links Directory SQL-INJECTION, XSS ================================================================================ Application: K-Links Directory ------------ Website:...
k-links directory - SQL Injection Cross-Site Scripting
k-links directory - SQL Injection Cross-Site Scripting ================================================================================ || K-Links Directory SQL-INJECTION, XSS ================================================================================ Application: K-Links Directory...