Beanbag Review Board 跨站脚本漏洞

Beanbag Review Board is the U.S. Beanbag company's set of open source code review review tool. The tool includes a server-side program reveiwboard and client-side command line RBTools. A security vulnerability exists in Review Board version 3.0.20 and 4.0 RC1 and earlier versions, which can be...

CVE-2017-16994

The walkhugetlbrange function in 'mm/pagewalk.c' file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore system call...

kernel: net: double-free and memory corruption in get_net_ns_by_id()

A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function getnetnsbyid does not check for the net::count value after it has found a peer network in netnsids idr which could lead to double free and memory...

Directory traversal

Directory traversal vulnerability in bbcoderef.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. dot dot in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log...

CVE-2006-7128

CVE-2006-7128 describes a PHP remote file inclusion in JAF CMS 4.0 RC1, exploitable via the URL in the website parameter of forum.php, allowing remote code execution. The NVD CVSSv2 base score is 7.5 (HIGH) with network access, low complexity, no authentication, and partial impact on confidential...

JAF CMS Forum.PHP远程文件包含漏洞

Salims Softhouse JAF CMS是一款基于PHP的内容管理程序。 Salims Softhouse JAF CMS不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Forum.PHP'脚本对用户提交的'applAPPL'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Salims Softhouse JAF CMS 4.0 RC1 Salims Softhouse JAF CMS 3.0 RC Salims Softhouse JAF CMS 2.5 Salims Softhous...

JAF CMS <= 4.0 RC1 Multiple Remote File Include Vulnerabilities

Exploit for unknown platform in category web applications =============================================================== JAF CMS = 4.0 RC1 Multiple Remote File Include Vulnerabilities ===============================================================...

CVE-2006-5131

module/shout/jafshout.php aka the shoutbox in ph03y3nk just another flat file JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "", possibly due to a static code injection vulnerability involving admin/datainc.php...

JAFCMS-4.0.txt

Hacker: NanoyMaster /|| \ | || \ / ||\ Exploit: JAF CMS / || |\| || / || \ Version: 4.0 RC1 \ || | \ || |/| || / ||| ||| |||/ vulnerabilities: XSS in shoutbox PHP execution XSS in forum \m/Props\m/ z3r0phr34k SystemMeltdown THK-GEO & THK-h3x All of Exploitarians...

CVE-2006-5129

CVE-2006-5129 affects ph03y3nk just another flat file (JAF) CMS 4.0 RC1. The vulnerabilities are cross-site scripting in two spots: (1) module/shout/jafshout.php (the shoutbox) via the message parameter and related name/email/title/date/ldate/lname variables, and (2) the message body in a forum p...