1439 matches found
Code injection
Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) VBook (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code by injecting it into the config file, which is included by other VBook scripts...
About 9 lines of code cause the system to crash analysis-vulnerability warning-the black bar safety net
At present, many places have reproduced the article on using 9 lines of code to crash Windows, but I found no analysis of why it makes Windows crash. I'll post the original for everyone to see, then give the specific details along the way. Microsoft has claimed that...
With a batch of home batch write hung it to the code-vulnerability warning-the black bar safety net
Author: nerve-wracking. Previously in online found a batch of home added to the hanging horse generation to horse software, you have the idea with the batch to achieve this functionality. Today I learned the point of the batch, just came up with, not so perfect, or then again... later in the modified Us...
XOR-iUser.txt
xmameOverflow-ruby.txt
#!/usr/bin/ruby One of the PoC code for xmame "-lang" options. Advisory is based on : http://kerneltrap.org/node/6055 by xwings at mysec dot org url : http://www.mysec.org , new website Tested on : Linux debian24 2.4.27-2-386 1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux gcc version 4.0.3 20060104...
NetBSD Security Advisory 2006-002: settimeofday() time wrap
NetBSD Security Advisory 2006-002. Topic: settimeofday time wrap. Version: NetBSD-current: source prior to December 5, 2005; NetBSD 3.0: not affected; NetBSD 2.1: affected; NetBSD 2.0.3: affected; NetBSD 1.6.2: affected...
CVE-2006-0083
Format string vulnerability in the logging code of SMS Server Tools smstools 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors...
Sumus 0.2.2 - HTTPd Remote Buffer Overflow
sumusv0.2.2: httpd remote buffer overflow exploit. by: vade79/v9 fakehalo/realhalo compile: gcc xsumus.c -o xsumus syntax: ./xsumus -pscrln -h host sumus homepage/url: http://sumus.sourceforge.net Mus is a Spanish cards game played by 4...
Invision Power Board (IP.Board) 1.x2.0.3 - SML Code Script Injection
source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script...
Mandrake Linux Security Advisory : kernel (MDKSA-2004:029)
A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015, only partially corrected the problem; the full fix is included (CVE-2004-0003). A local root vulnerability was discovered in the isofs component of the Linu...
DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities
Bulletin has no description...
CVE-2003-1102
Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code...
Gopherd 3.0.5 - FTP Gateway Remote Overflow
UMN gopherd2.x.x/3.x.x: remote "ftp gateway" buffer overflow. by: vade79/v9 v9 at fakehalo.deadpig.org fakehalo/realhalo three years since last audit, code is a little more secure. but, still found a few potentially exploitable situations. this exploits the "ftp gateway" feature of gopherd. the...
Linux Kernel <= 2.4.20 decode_fh Denial of Service Exploit
No description provided by source. / Linux 2.4.20 knfsd kernel signed/unsigned decodefh DoS Author: jared stanbrough jareds pdx edu Vulnerable code: fs/nfsd/nfs3xdr.c line 52-64 static inline u32 decodefhu32 p, struct svcfh fhp int size; fhinitfhp, NFS3FHSIZE; size = ntohlp++; if size NFS3FHSIZE...
Kerio MailServer 5.6.3 - Web Mail DO_MAP Module Cross-Site Scripting
source: https://www.securityfocus.com/bid/7968/info Reportedly, Kerio Mailserver is vulnerable to a cross-site scripting attack. The vulnerability is present in the domap module of the Kerio Mailserver web mail component. An...
Sun ONE Application Server 7.0 - Source Disclosure
source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead ser...
PHP source code injection in BLNews
Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...
miniPortail (PHP) : Admin Access
Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.aldweb.com/ Version : 1.9, 2.0, 2.1, 2.2 and less ? Problem : Admin Access PHP Code/Location : °°°°°°°°°°°°°°°°°°° admin/admin.php :...
CVE-2002-0687
Zope Server DoS via header injection (CVE-2002-0687) affects Zope versions 2.0 through 2.5.1 beta 1, where the "through the web code" capability allows untrusted users to crash the server by injecting malicious headers into a response. The connected advisories (GHSA-vwrc-g9q6-f675 and OSV) descri...
CVE-2002-1752
csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...