1414 matches found
ITlearner CuteCounter V1.6 background to obtain webshell - vulnerability warning - the black bar safety net
Source of information: unknown. Into the Find <td><input name="RecordNum" type="text" id="RecordNum" value="100" size="40" maxlength="3"/></td> modify maxlength="3" maxlength="50" then look for <form name="form1" method="post" action="?Action=SaveConfig"> change to action=" For the 100 block input 1 0...
Multiple vulnerabilities in Liero Xtreme 0.62b
Luigi Auriemma Application: Liero Xtreme http://lieroxtreme.thegaminguniverse.com Versions: = 0.62b Platforms: Windows Bugs: A server crash/freeze B format string in the visualization function Exploitation: A remote, versus server B local/remote, versus clients Date: 06 Mar 2006 Author: Luigi...
Improper access control
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...
CVE-2006-0843
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...
Authentication flaw
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges...
Coppermine Photo Gallery <= 1.3.2 File Retrieval SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================================== Coppermine Photo Gallery By DiGiTALMiDWAY import urllib2, sys from urllib import urlencode import zipfile iflensys.argv2: print 'usage : %s http://host/Path/...
Coppermine Photo Gallery 1.3.2 - File Retrieval / SQL Injection
tested and approved /str0ke CPG Exploit File Retrieval by SQL Injection. By Default this exploit get the config.inc.php file which contains the db user/pass If you want to get another file you need to have the good cookie you can use this phpscript to get good cookie : By DiGiTALMiDWAY import...
Movable Type Config File Disclosure Vulnerability - Active Check
/mt/mt.cfg is installed by the Movable Type Publishing Platform and contains information that should not be exposed. SPDX-FileCopyrightText: 2004 Rich Walchuck Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
Movable Type config file
/mt/mt.cfg is installed by the Movable Type Publishing Platform and contains information that should not be exposed. OpenVAS Vulnerability Test $Id: movabletypecfg.nasl 6053 2017-05-01 09:02:51Z teissa $ Description: Movable Type config file Authors: Rich Walchuck rich.walchuck at gmail.com...
CVE-2005-2962
The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password...
Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities
The version of Simple PHP Blog installed on the remote host allows authenticated attackers to upload files containing arbitrary code to be executed with the privileges of the web server userid. In addition, it likely lets anyone retrieve its configuration file as well as the user list and to dele...
JBoss 3.x/4.0.2 - HTTP Request Remote Information Disclosure
JBoss 3.x/4.0.2 - HTTP Request Remote Information Disclosure source: https://www.securityfocus.com/bid/13985/info JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplie...
CVE-2005-1705
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb...
CVE-2005-0194
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warning...
CVE-2002-1595
Cisco SN 5420 Storage Router 1.15 and earlier allows attackers to read configuration files without authorization...
DEBIAN-CVE-2004-1076
Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file...
SCSA028.txt
================================================= Security Corporation Security Advisory SCSA-028 Nuked-Klan Multiple Vulnerabilities ================================================= PROGRAM: Nuked-KlaN HOMEPAGE: http://www.nuked-klan.org VULNERABLE VERSIONS: b1.4, b1.5, SP2 RISK: MEDIUM/HIGH...
Kietu 2/3 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary...
Gaining access to the administration panel in Willwin's Web Voting v.1.0
Gaining access to the administration panel in Willwin's Web Voting v.1.0 Script name: Willwin's Web Voting Vulnerable version: v.1.0 Vendor site: http://willwin.plex.ru Author: [email protected] Date: 13th December 2003 The password for gaining access to the voting control panel in...