[Forgot Password]
Login  Register Subscribe

25354

 
 

132805

 
 

139230

 
 

909

 
 

113006

 
 

156

 
 
Paid content will be excluded from the download.

Filter
Matches : 139031 Download | Alert*

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.

Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.

Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.

The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.

Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action.

Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin ...

Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   13903

© SecPod Technologies