445 matches found
7 php scripts File Inclusion / Source disclosure Vuln
Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You can use regex in your research, th...
Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure
Exploit for multiple platform in category local exploits ===================================================================== Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure ===================================================================== Date: 14 Jun 2006 Vendor: Sun...
CVE-2006-2829
Buffer overflow in Hawk Monitoring Agent HMA for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent TRA before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma...
CVE-2006-2677
SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information...
WebCalendar-1.0.3 reading of any files
Version: WebCalendar-1.0.3 Type: Reading of any files Description: ----------------------------- includes/config.php: line 64 if ! empty $includedir $fd = @fopen "$includedir/settings.php", "rb", true ; ...... while ! feof $fd $data .= fgets $fd, 4096 ; $configLines = explode "n", $data ; for $n ...
PHPSurveyor <= 0.995 (surveyid) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================================ PHPSurveyor works regardless of magicquotes gpc settings \r\n"; echo " with at least one row in 'surveys' table \r\n"; echo " and if we succeed to include logs \r\n"; echo...
PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users ca...
PHP.EXE / Apache HTTP Server Win32 Arbitrary File Reading Vulnerability - Active Check
A configuration vulnerability exists for PHP.EXE cgi running on Apache HTTP Server for Win32 platforms. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2004-2353
BugPort before 1.099 stores its configuration file conf/config.conf under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information...
Serendipity <= 1.0-beta2 Blog Configuration PHP Code Injection
Binary data 3518.prm...
ISS BlackIce Server Protect Unprivileged User Attack
Release Date: August 11, 2004 Severity: Medium Vendor: Internet Security Systems Software: BlackIce Server Protect 3.6cno and below Remote: Remotely Executable from Local and Trusted Networks Vulnerabilities: Unpriviledged User Attack Technical Details: Unpriviledged User Attack was originally...
majordomo_leakage.txt
------------------------------------------------------------------------------- Title : Majordomo info leakage all versions Date : 03/02/2003 Article by : Marco van Berkum [email protected] Bug finder : Jakub Klausa [email protected] Investigated by : Jakub Klausa and Marco van Berkum...
Apache Win32 ScriptAlias php.exe Arbitrary File Access
A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users ca...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (3)
source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves it's configuration to the .cdrdao file in a user's home directory,...
[SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition) Configuration File Disclosure Vulnerability
---------------------------------------------------------------------- SNS Advisory No.44 Trend Micro OfficeScan Corporate EditionVirus Buster Corporate Edition Configuration File Disclosure Vulnerability Problem first discovered: Wed, 29 Aug 2001 Published: Tue, 16 Oct 2001...
CVE-1999-1346
PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file...
CVE-2001-1065
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack...
CVE-2001-0326
Oracle Java Virtual Machine JVM for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the FilePermission...
PHP Security Advisory - Apache Module bugs
Problems ========= 1 PHP supports a configuration mechanism that allows users to configure PHP directives on a per-directory basis. Under Apache, this is usually done using .htaccess files. Due to a bug in the Apache module version of PHP, remote 'malicious users' might be able to create a specia...
CVE-2000-1100
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request...