Welcome to the Admin section within our archives. Please select an advisory below by clicking on it.

vpopMail CGIaps hole
This suid cgi can lead to mail server control in vulnerable versions.

LinuxConf Local overflow
Local overflow leads to root access.

Achievo Web Management Include Attack
This hole can allow an attacker to include code from another site and have it executed locally.

Easy Homepage Admin Control
A hole exists which may allow any user to modify another user's settings.

Webmin Session Hijack
A hole exists which may allow administrative compromise in this product.

Webmin XSS Hole
A cross site scripting hole has been found in the product.

Back Office Web Admin Authentication Bypass
This hole was found by www.ngssoftware.com.
"Attackers can bypass the logon page and access the Back Office Web Administrator"

PCI Netsupport Dir Transversal
A hole exists that allows reading files outside the web root.

Webmin 0.92 Priv Gain
A hole exists that may allow local users to gain administrative privileges.

CobaltRAQ 4 Management Tool multiple problems
Three different holes have been found in this product.

DCP-PORTAL Cross Site Scripting
DCP-PORTAL Path Disclosure
Multiple problems have been found in DCP-Portal.

Hosting Controller 1.4.1 Issues
This application has a few design errors.

Eserv 2.97 Remote File Viewing
A hole exists that allows remote file viewing.

CacheOS Web Admin Hole
A hole exists in this product that can allow theft of usernames and passwords.

Hosting Controller Multiple Holes
A utility for Windows that is used to help manage websites has been found to have multiple holes.

BSCW Groupware system Multiple Holes
Multiple holes have been found in this piece of software.

Ibillpm.pl Weak Authentication
A hole exists where an attacker could add and remove users from the htaccess file via brute forcing.

Webmin 0.88 local root
A hole exists that can allow an attacker who has local access to gain root permissions.

Novell Groupwise 5.5 and 6.0 Remote File Viewing
A hole exists that can allow an attacker to read any remote file on a system running Groupwise 5.5 or 6.

CPMDaemon Password changer
This script/advisory allows an attacker to change passwords on systems running this script.

Compaq Web Management Software Hole
A hole exists that may allow an attacker to gain administrative privileges.

Account Manage Lite exploit
This exploit allows an attacker to change a password. Simply copy the form and play with it. (I haven't personally tested this)

ScreamingMedia SITEWare Allow Remote File Viewing
A hole in this software can allow an attacker to read any file on a remote system running this script with the permissions of the webserver.

ScreamingMedia SITEWare sourcecode disclosure
Another bug allows an attacker to view the source code of any application in the webroot.




Copyright 2000-2007 Cgisecurity.com.
Providing Web Security news since 2000.
Information contained on this website may not be copied without explicit permission.

