Code injection
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file...
EUVD-2008-3749
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file...
CVE-2008-3763
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file...
DEBIAN-CVE-2008-3457
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify...
ibase 2.03 - Remote File Disclosure
ibase 2.03 - Remote File Disclosure Name: AFD i-base = 2.03 Author: Dyshoo Vendor: http://www.i-base.net/ Dork: "inurl:ibase site:de" http://site/ibase/zubehoer/download.php?filename=file Database config: http://site/ibase/zubehoer/download.php?filename=../config/configdb.php milw0rm.com 2008-07-...
PixelPost 1.7.1 File Disclosure
PixelPost 1.7.1 File Disclosure by Charles "real" F. charlesfolathotmail.fr http://realn.free.fr Requires register_globals = On magic_quotes_gpc = Off PROOF OF CONCEPT TARGET URL: http://url/addons/copyfolder.php?...
Virus Buster Corporate Edition vulnerability
Overview: Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file (Outbreak Prevent Policy configuration file) when a specific URL is entered to the management console. Impact: An attacker could distribute viruses that sneak through the policy by...
gamingdir-sql.txt
--==+================================================================================+==-- --==+ Gaming Directory 1.0 SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 5 April 2008...
Gaming Directory 1.0 (cat_id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================ Gaming Directory 1.0 cat_id Remote SQL Injection Vulnerability ================================================================...
Gaming Directory 1.0 - 'cat_id' SQL Injection
--==+================================================================================+==-- --==+ Gaming Directory 1.0 SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 5 April 2008...
Fedora 7 : openldap-2.3.34-7.fc7 (2008-1616)
Fri Feb 8 2008 Jan Safranek 2.3.34-7 - fix CVE-2008-0658 432012 - Tue Feb 5 2008 Jan Safranek 2.3.34-6 - fix CVE-2007-6698 431409 - Mon Jan 14 2008 Jan Safranek 2.3.34-5 - fix default slurpd directory to /var/lib/ldap 424831 - Fri Nov 2 2007 Jan Safranek 2.3.34-4 - fix various security flaws...
Fedora 7 : openldap-2.3.34-6.fc7 (2008-1307)
Tue Feb 5 2008 Jan Safranek 2.3.34-6 - fix CVE-2007-6698 431409 - Mon Jan 14 2008 Jan Safranek 2.3.34-5 - fix default slurpd directory to /var/lib/ldap 424831 - Fri Nov 2 2007 Jan Safranek 2.3.34-4 - fix various security flaws 360081 - Fri Jul 13 2007 Jan Safranek 2.3.34-3 - Fix initscript return...
phpMyClub 0.0.1 - 'page_courante' Local File Inclusion
phpMyClub Local File Inclusion Vulnerability Download script : http://ovh.dl.sourceforge.net/sourceforge/phpmyclub/phpMyClub-0.0.1.zip Author : S.W.A.T. E-Mail : [email protected] - [email protected] Home : http://svvat.ir For Execute Exploit Does Not Write Extention Of File example :...
XZero Community Classifieds 4.95.11 - Remote File Inclusion
XZero Community Classifieds 4.95.11 - Remote File Inclusion XZero Community Classifieds = v4.95.11 Remote File Inclusion linK : http://www.xzeroscripts.com download: http://rapidshare.com/files/66809648/XZCl4.95.11.rar cod3d and f0unded by Kw3rLn from Romanian Security Team a.K.A http://rstzone.o...
XZero Community Classifieds <= 4.95.11 Remote File Inclusion Vuln
Exploit for unknown platform in category web applications ================================================================= XZero Community Classifieds = 4.95.11 Remote File Inclusion Vuln ================================================================= XZero Community Classifieds = v4.95.11...
WordPress Core 2.3.1 - Charset SQL Injection
=== WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-12 Source: Abel Cheung Affected version: WordPress = 2.3.1 Exploit type: Remote Risk: Moderate CVE: pending Reference: http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt 1. Summary...
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-2340)
The previous phpMyAdmin update accidentally renamed the config file and moved it into a different directory. This update corrects this erroneous behavior. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
Moderate: aide security update
0.13.1-2.0.4 - Added the correct new config file Related: rhbz252331 0.13.1-2.0.3 - Fixed file permissions to please release criteria Related: rhbz252331 0.13.1-2.0.2 - Removed saved copies of patched scripts Related: rhbz252331 0.13.1-2 - Fixed a typo Related: rhbz252331 0.13.1-1 - Rebased to...
Vavoom 1.24 - 'p_thinker.cpp VThinker::BroadcastPrintf' Multiple Remote Overflows
source: https://www.securityfocus.com/bid/25436/info Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue. An attacker can exploit these issues to execute arbitrary code within the context of the affected...
PT-2007-5470 · Frontaccounting · Frontaccounting
Name of the Vulnerable Software and Affected Versions: FrontAccounting version 1.12 Build 31 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter in the config.php file. Recommendations: For FrontAccounting version 1.12 Build 31,...