4651 matches found
MDaemon Mailer Daemon 11.0.1 - Remote File Disclosure
No description provided by source. MDaemon Mailer Daemon Version 11.0.1 LATEST Remote File Disclosure Bug Found & Exploited by Kingcope May 2010 The latest version at the time of this advisory is vulnerable to the attack. It seems all files which the SYSTEM account can read can be accessed remotel...
Apple QuickTime/Darwin Streaming MP3Broadcaster 0 ID3 Tag Handling Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7660/info MP3Broadcaster is shipped as part of Darwin Streaming Server software. MP3Broadcaster has been reported prone to a vulnerability when processing malicious ID3 tags. This is likely due to insufficient sanity chec...
SuSE Linux Professional 8.2 SuSEWM Configuration File Insecure Temporary File Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8778/info A problem exists in the SuSEWM configuration file used by SuSEConfig. Because of this, it may be possible for a local attacker to gain elevated privileges. / Proof of Concept for SuSEconfig.vmware Symbolic Link...
KDE 1.1.2 KApplication configfile vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary fil...
Static HTTP Server 1.0 - SEH Overflow
No description provided by source. #!/usr/bin/env python import os Title: Static HTTP Server SEH Overflow - HTTP Config - httptiplist Discovered and Reported: June 2013 Discovered/Exploited By: Jacob Holcomb/Gimppy, Security Analyst @ Independent Security Evaluators...
AutomatedShops WebC 2.0/5.0 Symbolic Link Following Configuration File Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7272/info It has been reported that WebC will execute in the directory of a symbolic link from which it is invoked. Because of this, it may be possible for a local user to load a configuration file that enabled dangerous...
Xen 3.0.3 pygrub TOOLS/PYGRUB/SRC/GRUBCONF.PY Local Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25825/info Xen is prone to a local command-injection vulnerability that can lead to privilege escalation. This issue occurs because the application fails to validate input in the 'tools/pygrub/src/GrubConf.py' script. Thi...
Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability
No description provided by source. Exploit Title: Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability Date: July 24, 2010 Author: kripthor Software Link: http://www.playframework.org/ Version: Play! Framework <= 1.0.3.1 Tested on: Ubuntu 10 CVE : N/A Notes: 28/07/2010 at 14:03 - Develope...
Netgear FM114P Wireless Firewall File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6807/info Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall's configuration file by escaping from the...
Webfwlog <= 0.92 (debug.php) Remote File Disclosure Vulnerability
No description provided by source. D.Script: ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/All/webfwlog-0.92.tbz D.Script: http://webfwlog.sourceforge.net/...
Frox 0.7.18 Arbitrary Configuration File Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14711/info Frox is prone to a vulnerability that permits read access to arbitrary files. Successful exploitation of this vulnerability will grant the attacker read access to arbitrary files on the system in the security...
Working Resources 1.7.3 BadBlue Null Byte File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5226/info BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems. It has been discovered that a request passed to a BadBlue server containing a...
Crimson Editor SEH Overwrite Vulnerability
No description provided by source. A vulnerability exists in the way Crimson Editor reads file types from within configuration files and can be exploited, by malicious people, to compromise a vulnerable system. Successful exploitation of this vulnerability allows an attacker to execute arbitrary...
Fhimage 1.2.1 - Remote Command Execution Exploit (mq = off)
No description provided by source. #!/usr/bin/perl INFORMATIONS Fhimage 1.2.1...
MyBlog 0.9.8 Multiple Remote Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30310/info MyBlog is prone to multiple information-disclosure vulnerabilities because the application fails to properly restrict access to sensitive files. An unprivileged attacker may exploit these issues to obtain...
QNX RTOS 4.25 CRTTrap File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4901/info The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default. Local attackers may specify an arbitrary system file in place of th...
Invision Board 1.1.1 ipchat.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6976/info Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote use...
Simple Machine Forum 2.0.x < 2.0.4 File Disclosure/Path Traversal
No description provided by source. Exploit Title: SMF 2.0.4 File Disclosure/Path Traversal Google Dork: Powered by SMF 2.0.x Date: 02/02/2013 Exploit Author: NightlyDev Software Link: http://download.simplemachines.org/index.php?thanks;filename=smf2-0-3install.zip Version: 2.0.x < 2.0.4 Tested on:...
Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution
No description provided by source. Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected]...
TightAuction 3.0 Config.INC Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5850/info TightAuction is prone to an information disclosure vulnerability. The configuration file config.inc contains sensitive information such as database authentication credentials. It is possible for remote attackers...