The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.
3d5db43c4aa4093db243a62d6926f5bcb8ee486ff32706192155dc2b1ed03ea2The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-onlyfile access outside of the iPhone Configuration Web Utility 1.0 web root.
7ce5fcd314e35e70c977c9545e1d933f9a4885f0dd88693baff62488638736c9PageR versions below 5.0.l7 from AVTECH suffer from a directory traversal vulnerability.
fa3adea33552ca9262630da8516877402668262951127620425fcaead47745daA classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system. Sentinel Protection Server version 7.1 is affected.
dffb03dd9181a15df67067f309c62e9515445ba6b21dab2a0a783789bdd11745
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed