4647 matches found
Joe Text Editor 2.8 .joerc Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2437/info Joe is a text editor originally written by Joseph Allen. Joe offers a user-friendly interface, with key binding and configuration familiar to many users of Microsoft Word Processing tools. A problem in the...
EZ Publish 2.2.7/3.0 site.ini Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7347/info eZ Publish has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying site.ini configuration file. The file contains eZ Publish...
KDE 1.1.2 KApplication configfile vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary fil...
Centrinity FirstClass Desktop Client 7.1 - Local Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10074/info It has been reported that FirstClass Desktop Client may be prone to a local buffer overflow vulnerability that could allow attackers to execute arbitrary code on a vulnerable system that may lead to elevated...
CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves its configuration to the .cdrda...
Address Book Script 1.09 - Local File Inclusion
No description provided by source. Securitylab.ir Application Info: Name: Address Book Script Version: 1.9 Vendor: http://www.phpkobo.com/addressbook.php Vulnerability Info: Type: Local File Inclusion Risk: Medium Vulnerability:...
TS Special Edition <= 7.0 - Multiple Vulnerabilities
No description provided by source. TS Special Edition <= v.7.0 Multiple Vulnerabilities Dork: Powered by TS Special Edition Site: http://templateshares.net Download: http://templateshares.net/special/purchase Reported on 02/05/2010 Author: IHTeam See any seed/leech files of any users 1 Open any...
ImpressPages CMS 3.6 - manage() Function Remote Code Execution Exploit
No description provided by source. #!/usr/bin/python ImpressPages CMS v3.6 manage Function Remote Code Execution Exploit Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6, 3.5 and 3.1 Summary: ImpressPages CMS is an open source web content management...
Cisco DPC2420 Multiple Vulnerabilities
No description provided by source. - Title: DPC2420 Multiple vulnerabilities - Author: Facundo M. de la Cruz tty0 - E-mail: [email protected] 0x00 Details Vendor : Cisco Model : DPC2420 type : Cablemodem router. Firmware:...
DM FileManager 3.9.4 - Remote File Disclosure Vulnerability
No description provided by source. + DM FileManager 3.9.4 Remote File Disclosure Vulnerability + Author : Stack + Greetz : V4 Team & Sec R1z + Download Script : http://www.dutchmonkey.com/?file=products/dm-filemanager/downloadresponse.html&download=direct + Xpl : +...
MDaemon Mailer Daemon 11.0.1 - Remote File Disclosure
No description provided by source. MDaemon Mailer Daemon Version 11.0.1 LATEST Remote File Disclosure Bug Found & Exploited by Kingcope May 2010 The latest version at the time of this advisory is vulnerable to the attack. It seems all files which the SYSTEM account can read can be accessed remotel...
PhpMyAdmin Config File Code Injection
The vulnerability is located in scripts/setup.php, starting at line 1315: case 'save': $config = @fopen'./config/config.inc.php', 'w'; // open for writing if $config === FALSE message'error', 'Could not open config file for writing! Bad permissions?'; break; $s = getcfgstring$configuration; //$configuration = unserialize$POST'configuration'; $r =...
phpGB 1.1/1.2 PHP Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...
Matt Kruse Calendar Script 2.2 Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two...
Super Guestbook 1.0 Sensitive Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7319/info Super Guestbook has been reported prone to a sensitive information disclosure weakness. An attacker may disclose sensitive information regarding the Super Guestbook install by sending an HTTP request for a Guest...
PHPSlash 0.5.3 2/0.6.1 URL Block Arbitrary File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2724/info PHPSlash is a widely used open source Groupware utility. PHPSlash contains a vulnerability which may disclose files readable to the webserver process on the underlying host to PHPSlash users who can 'edit' URL...
Fhimage 1.2.1 - Remote Index Change Exploit
No description provided by source. #!/usr/bin/perl INFORMATIONS Fhimage 1.2.1...
Working Resources 1.7.3 BadBlue Null Byte File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5226/info BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems. It has been discovered that a request passed to a BadBlue server containing a...
Apple QuickTime/Darwin Streaming MP3Broadcaster 0 ID3 Tag Handling Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7660/info MP3Broadcaster is shipped as part of Darwin Streaming Server software. MP3Broadcaster has been reported prone to a vulnerability when processing malicious ID3 tags. This is likely due to insufficient sanity chec...
SuSE Linux Professional 8.2 SuSEWM Configuration File Insecure Temporary File Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8778/info A problem exists in the SuSEWM configuration file used by SuSEConfig. Because of this, it may be possible for a local attacker to gain elevated privileges. / Proof of Concept for SuSEconfig.vmware Symbolic Link...