This Metasploit modules exploits a directory traversal vulnerability in NetDecision 4.2 TFTP service.
82ebd3972f559a0e67b990abcd101f061a85f5f36f1cdddb753037f361b6431d
This Metasploit module exploits a vulnerability found in NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of user executing the TFTP Server.
0d13cee7943b511e1894639ec337c177f0900b866756b484b6bf6fa8eab38bed
D-Link DIR-601 suffers from a tftp related directory traversal vulnerability.
c2341be3374f364db4886f7f9c73cd038eea6bb969288bf41618374a371eccf2
A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the applications source code. Attackers may make HTTP GET requests and append a Null Byte to allow download of the source code for the applications web pages. An attacker does not need to authenticate to obtain access to source code for pages that usually require authentication prior to viewing.
1231ae3590ce9f439d6b83bc44f312d176de967ea3fd246651485e8e72f9d537
A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to obtain access to plaintext usernames and passwords. The stored passwords are used to authenticate users running the NetSaro Enterprise Client connecting to the server. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or gained direct access to the NetSaro.fdb database file found in the "NetSaro Enterprise ServerDb" directory can obtain the user credentials using readily available tools.
5cbcfb103f656ef50499195011ab3f297cb4532d146aa664ccd91c09612fe813
A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to easily decrypt passwords used to authenticate to the application. The application implements Base64 encoding to obfuscate the values of plaintext passwords used for logging into the server administration console. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or achieved direct access to the configuration.xml file found in the "NetSaro Enterprise Server" directory can obtain the encoded user credentials and decrypt them using readily available Base64 decoding tools.
1e5e9c85c5226e719db82524ba8e52dd4a1526c77d534b61ca30a522f9e623ab
Foxit Reader is vulnerable to a insecure library loading vulnerability. The libraries identified as being vulnerable are dwmapi.dll, dwrite.dll and msdrm.dll.
047e3c204e5c287be970d65194e080c2be858894ecf54e106bd21d7be1137d5f
PDFill PDF Editor version 8.0 suffers from an insecure library loading vulnerability.
86766208a90ef69191d151095e97ebd1cdcdf37a7ef654d94d09c148515f3dec
CodeMeter WebAdmin versions 3.30 and 4.30 suffer from a cross site scripting vulnerability.
37b2d92023e5ba909975303fa7fb686f9e8f69afae90052f86672f0c13a993cc
Sonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0 suffer from multiple cross site scripting vulnerabilities.
de6e4d3b5961ca6b8c0771fb8c0bbb98a1eca1d8a74a30f719e8e3999f27a287
Sonexis ConferenceManager version 9.3.14.0 suffers from a remote SQL injection vulnerability.
37aba3b355976382ff4224b89f1bb3b7b846ece9b9010e83d7b60d3569629382
A vulnerability exists in the Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application. This is a second level attack that requires access to the password files stored within the application directory.
163a065cfecd676df474c29e1bd95914935a34327f5d1ac24420581f6c99a5ae
Tembria Server Monitor suffers from multiple cross site scripting vulnerabilities.
bd43f55446ef0b1ec184ba04169d7ae96d5669d34c462d144c86fcb05e1fc3d3
ManageEngine EventLog Analyzer version 6.1 suffers from multiple cross site scripting vulnerabilities.
7cb6e64c640b4ec8752b210b56496188f79b9a7b16c49c12fea64d2fd0b98a37
Novell Vibe version 3 BETA OnPrem suffers from a stored cross site scripting vulnerability.
38d0853e67710878d23cc032e0905d8715455a8808a2d048463114929f781f0e
ManageEngine EventLog Analyzer version 6.1 suffers from a syslog related denial of service vulnerability.
9f4921e40b2aa8b7483acda6af72d4fa70c77ca1e595b48731a77471bae50f5a
The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers tobypass authentication and access sensitive information stored on the device.
0aa31d61a17571c0fb1db50bfa89f614672ac6e1de71f37e6ea906313453af1b