More Details
Prior versions may also be vulnerable
=============
"CMS RedAks 2.0 is a web based content management system."
More Details
=============
We at MajorSecurity have discovered some vulnerabilities in CMS RedAks 2.0, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed directly to the "search", "search_id" and "search_inall" POST parameters in "/search/" Controller is not properly sanitised before being stored and returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Solution
Introduction
============
xt:Commerce is one of the leading webshop systems based on the eCommerce Engine.
More Details
============
1. Cross Site Scripting:
----------------------
Prior versions may also be vulnerable
=============
"Subdreamer CMS is a web based content management system."
More Details
=============
We at MajorSecurity have discovered some vulnerabilities in Subdreamer CMS, which can be exploited to conduct SQL injection attacks.
Input passed directly to the "categoryids[]" POST parameter in "/admin/pages.php?action=update_pages" is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
============
ActualAnalyzer is a powerful statistics-gathering and analysis tool for monitoring web site traffic.
It is equally effective for sites with low and high volumes of traffic
and provides a wealth of comparative and analytical information.
More Details
============
Cross Site Scripting:
Input passed directly to the "language" parameter in "view.php" is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
critical resources from external and internal threats.''
(From the vendor's homepage)
More Details
============
Users with the role "limited-admin" are allowed to log into the
web-based administrative interface and configure some aspects of a
ZyWALL USG appliance. It is usually not possible to download the current
============
"PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML."
- from php.net
More Details
============
1. Full Path Disclosure
-----------------------------------
There is a full path disclosure vulnerability concerning the
preg_match() PHP function which allows attackers to
Syslserve 1.058 is an application that provides services for receiving system event messages to provide a centralized reporting interface for distributed system events. The application should validate and sanitize all user input to prevent unexpected conditions.
Vulnerability Scope: The default installation of Syslserve 1.058 will allow exploitation of this vulnerability.
[--More Details--]
Exploitation of this flaw can be executed by sending a specially crafted UDP packet to the target server. No exploit code is required.
[--Fix or Workaround Information--]
implemented.
(from the vendor's homepage)
More Details
============
When parsing HTTP requests, nostromo first checks for directory
traversal attempts by searching for /../ in the request URI. However
this check is performed before decoding escaped characters in the URI.
of organizations across the globe."
(from Bugzilla's homepage)
More Details
============
The chart-generating script chart.cgi contains a method plot(), that
creates a new chart:
NetDecision TFTP Server 4.2 is an application that provides services for transferring configuration files, firmware files and other types of data using the TFTP protocol. The application should restrict PUT and GET requests to the contents of the TFTP root directory to prevent obtaining data from other parts of the host operating system or uploading malicious code.
Vulnerability Scope: The default installation of NetDecision TFTP Server 4.2 will allow exploitation of this vulnerability.
[--More Details--]
Exploitation of this flaw is trivial and can be executed using any RFC 1350 compliant TFTP client software. No exploit code is required.
[--Fix or Workaround Information--]
administration in WebGIS projects."
(from the vendor's homepage)
More Details
============
Due to the lack of input validation, an attacker is able to inject
SQL-commands in many PHP scripts of Mapbender. This vulnerability can be
exploited regardless of PHP magic quotes. For demonstration purposes, the
TFTPUtil GUI is an application that provides services for transferring configuration files, firmware files and other types of data using the TFTP protocol. The application should restrict GET requests to the contents of the TFTP root directory to prevent obtaining data from other parts of the host operating system.
Vulnerability Scope: The default installation of TFTPUtil 1.20. or 1.3.0 will allow exploitation of this vulnerability.
[--More Details--]
Exploitation of this flaw is trivial and can be executed using any RFC 1350 compliant TFTP client software. No exploit code is required.
[--Fix or Workaround Information--]
Original Advisory:
============
http://www.sec-area.com/?p=141
More Details
============
1. Cross-site scripting
-----------------------------------
enable malicious attackers to inject client-side script into web pages
Introduction
============
BLUEPAGE CMS is an easy to handle content management system.
More Details
============
1. cross site scripting:
---------------------
- Input passed directly to the "whl", "var_1" and "search" parameters in "index.php" is not properly sanitised before being returned to the user.
&messagegroupid[0]=3 ) UNION SELECT
concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE
userid=1#
##########################################################################################
More Details:
##########################################################################################
Http://www.Garage4Hackers.com
http://www.garage4hackers.com/showthread.php?1177-Vbulletin-4.0.x-gt-4.1.3-(messagegroupid)-SQL-injection-Vulnerability-0-day
Prior versions may also be vulnerable
=============
"CMS RedAks is a web based content management system."
More Details
=============
We at MajorSecurity have discovered some vulnerabilities in CMS RedAks v.2.0, which can be exploited to conduct SQL injection attacks.
Input passed directly to the "search_area" POST parameter in "/search/" Controller is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Description
=============
"Conpresso CMS v4.1 is a web based content management system."
More Details
=============
We at MajorSecurity have discovered some vulnerabilities in Conpresso CMS v4.1.1, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "rubric" and "q" parameters to mod_search/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Successful exploitation requires that "mod_search" is enabled in the application.
Solution
is a protocol within RTCM to provide GNSS information via Internet."
(from the vendor's homepage)
More Details
============
After logging in, the GNCaster server software allows the user to
receive data streams. For some of these streams the user can send
so-called NMEA-data to the server to specify the user's geographical
Introduction
============
"Anantasoft Gazelle CMS is a web based content management system."
More Details
============
We at MajorSecurity have discovered a vulnerability in Anantasoft Gazelle CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to change the administrator's password by tricking a logged in administrator into visiting a malicious web site.
Solution
small business, group of people, or just for yourself."
(From the vendor's homepage)
More Details
============
The Owl Intranet Engine implements an administrative interface, allowing
users in the "Administrators" group to add and edit users and generally
maintain the Owl system. By default, a guest account is activated, that
Prior versions may also be vulnerable
=============
"phpFaber CMS is a web based content management system."
More Details
=============
We at MajorSecurity have discovered some vulnerabilities in phpFaber CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed directly to the "ERR_MSG" GET parameter and to the "COMPANY_NAME" and "SPOTLIGHT" POST parameters in "index.php" is not properly sanitised before being stored and returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
the ultimate replacement of Outlook and similar desktop mail clients."
(from the vendor's homepage)
More Details
============
The IceWarp eMail Server's web-based groupware component provides
functionality for users to store, for example, contact information,
notes, a journal or files. A search form can be used to search for such
Per software download sites description: “TimeTools Windows Atomic Clock NTP Server Syslog Daemon is a free utility that runs on any Windows NT/2000/XP/2003 workstation or server. It allows any syslog messages from any Linux or Unix based syslog client to be logged and displayed.”
Vulnerability Scope: The default installation of Windows NTP Time Server Syslog Monitor 1.0.000 will allow exploitation of this vulnerability.
[--More Details--]
Exploitation of this flaw can be executed by sending a specially crafted UDP packet to the target server. No exploit code is required.
[--Fix or Workaround Information--]
is a protocol within RTCM to provide GNSS information via Internet."
(from the vendor's homepage)
More Details
============
The authentication method required for requesting the path "/admin.htm"
is HTTP Digest. The following flaws were identified during a penetration
test:
Affected Products:
----------------------------
Tested on PBBoard 2.0.2
May work under 2.0.2
More Details
============
1. Full Path Disclosure
-----------------------------------
allow attackers to gather the real path of the server side script.
Introduction
************************
ConPresso CMS is a PHP-based Content Management System.
More Details
************************
1. Cookie_Manipulation:
---------------------
The cookie variable "PHPSESSID" parameter can be set to a malicious and arbitrary value.
Introduction
============
WEB//NEWS is an easy to handle news management system which works with MySQL/PHP.
More Details
============
1. SQL Injection:
---------------------
Input passed to the "catid" parameter in "search.php" using $_POST is not properly sanitised before being used in a SQL query.
Introduction
************************
Pro Clan Manager is a PHP-based Content Management System.
More Details
************************
1. Cookie_Manipulation:
---------------------
The cookie variable "PHPSESSID" parameter can be set to a malicious and arbitrary value.
Walusoft TFTPServer2000 Version 3.6.1 is an application that provides services for transferring configuration files, firmware files and other types of data using the TFTP protocol. The application should restrict GET requests to the contents of the TFTP root directory to prevent obtaining data from other parts of the host operating system.
Vulnerability Scope: The default installation of Walusoft TFTPServer2000 Version 3.6.1 will allow exploitation of this vulnerability. This software is licensed to and re-branded by many VoIP phone systems manufacturers. Verification of the product origin can be obtained by reading the about page.
[--More Details--]
Exploitation of this flaw is trivial and can be executed using any RFC 1350 compliant TFTP client software. No exploit code is required.
[--Fix or Workaround Information--]
Introduction
============
Invision Power Board is a widely used forums script.
More Details
============
Input passed to the calendar app (which is one of the core modules inside Invision Power Board) is not properly sanitised before being stored and returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The calendar can be shown on every page of the Invision board, so this is in fact a serious security issue.