Buffer overflow

Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDSPLUGINNAME string in a plug-in configuration file...

CVE-2012-6568

Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDSPLUGINNAME string in a plug-in configuration file...

CVE-2013-0947

EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a 1 log file or 2 configuration file...

Design/Logic Flaw

EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a 1 log file or 2 configuration file...

CVE-2013-0947

EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a 1 log file or 2 configuration file...

CVE-2013-3505

The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request for a 1 log file or 2 configuration file...

CVE-2013-3505

The CVE-2013-3505 issue affects the Nagios-App component in GroundWork Monitor Enterprise 6.7.0. Affected behavior: remote authenticated users can bypass intended access restrictions by directly requesting either a log file or a configuration file. Root cause stated in sources: improper access co...

xiuno bbs Forum background code execution Getshell vulnerabilities attached to the use of the method-vulnerability warning-the black bar safety net

Official description: Xiuno the name comes from the Saint Seiya Aries gold Saint Seiya Shura, his attack speed and combat effectiveness is zodiac the strongest, he is the speed and power of the incarnation; in the Buddhist inside, Shura is a six Channel One, in the humanity and heaven, between,...

Linksys EA2700 arbitrary file traversal vulnerability-vulnerability warning-the black bar safety net

Brief description: This router software has never carried out security penetration testing, in the not logged in case you can easily get the router/etc/passwd file or other configuration file. Detailed description: This router software has never carried out security penetration testing, in the no...

Cisco IOS Smart Install Configuration File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Smart Install client. A specially crafted packet can be sent to the SMI IBC server to...

Netgear WNR1000 - Authentication Bypass

Exploit for hardware platform in category web applications The web server running on the affected devices is subject to an authentication bypass issue that allows attacker to gain administrative access, circumventing existing authentication mechanisms. Strictly speaking, the web server skips...

NETGEAR WNR1000 - Authentication Bypass

NETGEAR WNR1000 - Authentication Bypass Authentication bypass on Netgear WNR1000 ======================================== ADVISORY INFORMATION Title: Authentication bypass on Netgear WNR1000 Discovery date: 10/11/2012 Release date: 29/03/2013 Credits: Roberto Paleari [email protected], twitter:...

Weave a dream(Dedecms)V5. X local file inclusion vulnerability-vulnerability warning-the black bar safety net

Release time: 2013-03-29 GMT+0 8 0 0 Vulnerability version: DedeCms 5. x Vulnerability description: DedeCms is a free PHP web content management system. plus/carbuyaction. php has no variable strict filtering Vulnerabilities of the two files is: Include/payment/alipay.php Include/payment/yeepay.p...

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

Race condition

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

Debian DSA-2649-1 : lighttpd - fixed socket name in world-writable directory

Stefan Buhler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP contr...

[SECURITY] [DSA 2649-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2649-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez March 15, 2013 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2649-1 (lighttpd - fixed socket name in world-writable directory)

Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP contr...

South Korea HOMPYNET CMS vulnerability-vulnerability warning-the black bar safety net

Upload vulnerability : http://www.xxx.com/admin/imageadmin3.php?boardid=&iname=&iform= http://www.xxx.com/admin/imageadmin2.php?boardid=&iname=&iform= Uploaded posterior diameter: http://www.xxx.com/biswebpage/images/shell.php.en Editor: http://www.xxx.com/admin/editor/SWE.php...

Nmap NSE 6.01: smb-psexec

Implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of system, or even installing a backdoor on a...