64 matches found
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...
W3Mail 1.0.2 выполнение команд
Hi! Я обнаружил возможность выполнения команд в W3Mail 1.0.2. Это мощная система для работы с почтой. Это что-то вроде многопользовательского mail-клиента с web интерфейсом. Главная дыра находится в скрипте delete.cgi. Вот кусок кода файла delete.cgi: ... берём логин, пасс и сервак с ящиком...
HP-UX 10.20/11.0 - '.SNMPD' File Permission
source: https://www.securityfocus.com/bid/1327/info A vulnerability exists in the snmpd included with HPUX 11, from Hewlett Packard. The configuration file for the snmpd is world writable. This could allow any user on the system to view and/or alter the settings of the snmp daemon. This in turn...
Stalker CommuniGate Pro 3.2.4 - Arbitrary File Read
source: https://www.securityfocus.com/bid/1493/info A vulnerability exists in the CommuniGate Pro product, from Stalker. It is possible to exploit this vulnerability to read arbitrary files on the filesystem. As CommuniGate Pro runs as root, any file can be accessed. Using this flaw, it is possib...