PHP Universal Web Messenger suffers from a cross-domain redirect vulnerability.
3d11a6d4f9d5cdf42c90ac17922caf1bba35357aa4b5bbdfd7e1d98500977074Pragyan CMS version 3.0 suffers from a remote file inclusion vulnerability. Note that this was previously discovered in earlier versions as well.
4dca54d6c0b674e5c26721cf544ef03a58e7c9f7aea0ad475746cbb9e7172547The Adobe Coldfusion administration console suffers from a traversal vulnerability that allows for unauthenticated file retrieval.
59cbe441b1cfdd493b736961317513e747a4567e06054074f35b525e6cd63aedPrado Portal version 1.2.0 suffers from a cross site scripting vulnerability.
0295beb3b2086ae23b1370e53bf0e53c278ad279bb9936f34732f32616e6e70eProcheckup has found by making a malformed request to the Juniper IVE Web interface without authentication, that a vanilla cross site scripting (XSS) attack is possible.
b19b3cf027c13feb0c9453befa1a1695ad3c71996e2d1625b3489dfef480afbaThere are multiple authenticated Cross-site Scripting vulnerability on Junipers, IVE web interface. Procheckup has found by making a malformed authenticated request to the IVE Web interface, that vanilla cross site scripting (XSS) attacks are possible.
326494fa568636de33e0f91b5754e4162844799a25a06bf6b2e512036e7a8781The Apache Axis2 administration console version 1.4.1 suffers from a cross site scripting vulnerability.
ed58940ac4538c0cd3fe086d4b9d9375b502074e41a4c5e2e8c33d83524a35ab3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices, the IMC is normally accessed using a web browser over port 8080. Various IMC pages are vulnerable to a reflective XSS attack, including the login page. Various pages also disclose information including the SQL sa account password which might be used to assist in carrying out further attacks.
14a0d934e67f92397613f7bba706a6ee6f5fb1c8d47058c1d6c0df0cd0fa51c23Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices, the IMC is normally accessed using a web browser over port 8080. Procheckup has discovered that the IMC management console is vulnerable to an unauthenticated directory traversal attack within the reporting functionality.
6192a54caa6b9d2367e3f0145e14d891d023f72d8b43f7842e66482213d45191Portwise SSL VPN version 4.6 suffers from a cross site scripting vulnerability.
d9b96b55dfa2056ae70f1178f252fe1ab57454ee9e6be79fb320310542a95c6aCommonSpot Server suffers from a cross site scripting vulnerability.
df67dfe5debcbb27e0fef223695bfa6598ccdaa78f99196c76f1ec8693d28f42HP System Management
ddcc79a177acbbd59d6d2d079154c3d46d3fcfdbb7f16e567efe08e109ead8d5Pragyan CMS version 2.6.4 suffers from a remote file inclusion vulnerability in Search.php.
b6183764b943e5b856679888742b4de763e26e5bac4821e8de0ce132f170c2c0pragmaMx suffers from a remote blind SQL injection vulnerability.
102a9f1ff2249f3b6057cf0cd52eb952ddc3eea03f4f36345bf8116d9bda5435This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available. This is an update to the original release.
e3248ace7a5b9361f7b718d101f566a149375092c32ee63eca3bad0a84efdc31This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.
e3e2ec70ee2040efbdbd9bc976ec570be8d2ff285c3860f57e0e4a9dff455e2fPragyan CMS version 2.6.4 suffers from multiple remote SQL injection vulnerabilities.
7074f5d7cfaea0f38c4ee93b915196c2fb67a7ca130d44914a2c38c315c034e3Whitepaper called Practical SQL Injection: Bit By Bit.
ad841634804924e767f7bd0426338353c65c780f387ad40adc2da54a6b09f9b9Novell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
8348d6de98893f1fbe8f491cb7e3dbf8a1f1b7c208a476cf8a27a8b3c4e972c9Novell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
8c6f6fe9e4d988f1180099d2a613b38e803523f9b1e5b972d27ba0320dec08c6Novell GroupWise WebAccess suffers from a cross site request forgery vulnerability. Version 7.0.3 is affected.
720e54a18ca643bcc529127da3cfa1c3758769a635c402db883befa22705bec0The Cisco IOS HTTP server is vulnerable to cross site scripting within invalid parameters processed by the "/ping" server-side binary/script.
9ae67732eb54093c6544c63e2953cba56031df7cd73a205c4ce458b69783a88aAn unauthenticated file retrieval vulnerability exists on the Sun Java System Identity Manager.
b9cdf1803245bb22824bf0f94a63052849f94ebcd387e642343d714cc5063316The 3Com AP 8760 suffers from authentication bypass, password leakage, and SNMP injection vulnerabilities. Details provided.
23b5cdcfae6b89704fccdcebd00d1ae55e3f48331216d43a26e85f5664b02003Sun Java System Identity suffers from a cross site request forgery vulnerability. Proof of concept code included.
aab83ef3374bf90d0fdb9403e4cc641a2e45c39abb67680b7db155ef488b8ca9Whitepapger entitled Practical Attacks Against WEP and WPA.
0552f9b277abd7b0a1b272f620935f58ea75d97f0cb3b61d27b7b32ffe589f86
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed