2042 matches found
CVE-2010-2322
Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an...
CVE-2010-2322
CVE-2010-2322 is a path traversal vulnerability in the FastJar 0.98 extract_jar implementation (jartool.c). The flaw allows remote attackers to create or overwrite arbitrary files inside a .jar by supplying a full pathname for a file within the archive. This issue is related to (and caused by) an...
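PHP-Calendar configfile Variable Remote File Inclusion Vulnerability
CVE(CAN) ID: CVE-2009-3702 PHP-Calendar is a web-based calendar system. PHP-Calendar contains multiple absolute path traversal vulnerabilities: a remote attacker can cause arbitrary local files to be included and executed via a full pathname in the configfile parameter submitted to update08.php or update10.ph. The vulnerable code segment follows: elseif(!empty($_GET['configfile'])) if(file_exists($_GET['configfile'])) require_once($_GET['configfile']); PHP-Calendar 1.1 Temporary workaround:...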
conn.asp database-exposure method: principles and applications-vulnerability warning-the black bar safety net
Today we learn the conn.asp database-exposure technique. This is a very old method: directly accessing the database connection file conn.asp makes the server produce an error, and the returned error information exposes the absolute path of the database. Here conn.asp is the database...
Oriental legend o thinking self-help built Station software vulnerabilities-vulnerability warning-the black bar safety net
Oriental legend o thinking self-help built Station software vulnerabilities Simple is the way./ in. Mainly use for Windows 2003 IIS6 parsing vulnerability Upload format .asp:.jpg put immediately transmitted to Google:personmbcenter/defaultlogin.aspx First register a member! Registration is...
Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion
Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion Mambo com_koesubmit 1.0.0 Remote File Inclusion Author : Don Tukulesto rootatindonesiancoderdotcom Homepage : http://www.indonesiancoder.com Date : Friday, September 18, 2009...
Joomla GroupJive 1.8 B4 Remote File Inclusion
Joomla Component groupjive 1.8 B4 RFI Vulnerability Author : M3NW5 Homepage : http://www.indonesiancoder.com contact : [email protected] Location : INDONESIA Achievo 1.3.4 Information Vendor : http://www.groupjive.org/ Scripts : http://forge.joomlapolis.com/projects/listfiles/groupjive File :...
CVE-2008-7142
Absolute path traversal vulnerability in the Disk Usage module frontend/x/diskusage/index.html in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter...
Path traversal
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter...
DedeCMS V5.3 exp-vulnerability warning-the black bar safety net
Delete the Site any file. 2. Proof absolute path The impact of the system = DedeCMS V5.3 1. Delete any file. Registration of normal users...feel free to find a place to upload an attachment it is OK. Part of the code: form name="form1" action="http:// 网站 地址...
Development tips: ASP Trojan FTP and decompression-vulnerability warning-the black bar safety net
I think we all have some opened port 80 of broiler bar, if it is domestic for security do not look down, if you do not wish to see, I dedicate ugly, in order to initiate. In broilers placed on the website, the most troublesome is probably the update and upload a lot of files, Terminal Services broad...
CVE-2009-2180
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter...
CVE-2009-2184
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter...
Path traversal
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter...
CVE-2009-2184
CVE-2009-2184 affects Gravy Media Photo Host 1.0.8, with an absolute path traversal vulnerability in forcedownload.php. The underlying issue allows remote attackers to read arbitrary files by supplying an encoded "/" in the file parameter. According to the NVD entry, the vulnerability has a Base ...
CVE-2009-2166
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter...
Path traversal
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter...
CVE-2009-2166
CVE-2009-2166 affects OCS Inventory NG: cvs.php information disclosure vulnerability that allows an attacker to read arbitrary files on Unix systems by supplying a full pathname in the log parameter, due to an absolute path traversal issue. Affected version: before 1.02.1. Root cause: improper ha...
PHP 5.2.10 safe_mode Bypass
PHP safe_mode bypass with exec/system/passthru Once again PHP published a new version: php5.2.10, and it fixes lots of bugs, like this: Bug 45997 safe_mode bypass with exec/system/passthru incorrect fix php5.2.10 ... b = strrchr(cmd, PHP_DIR_SEPARATOR); #ifdef PHP_WIN32 if (b && *b == '\\' && b == cmd...