Lucene search
+L

445 matches found

securityvulns
securityvulns
added 2006/10/11 12:0 a.m.130 views

7 php scripts File Inclusion / Source disclosure Vuln

Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You can use regex in your research, th...

7.2AI score
Exploits0
0day.today
0day.today
added 2006/06/18 12:0 a.m.28 views

Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure

Exploit for multiple platform in category local exploits ===================================================================== Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure ===================================================================== Date: 14 Jun 2006 Vendor: Sun...

6.9AI score
Exploits0
NVD
NVD
added 2006/06/05 8:6 p.m.18 views

CVE-2006-2829

Buffer overflow in Hawk Monitoring Agent HMA for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent TRA before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma...

6.8CVSS7.6AI score0.00473EPSS
Exploits0References7
NVD
NVD
added 2006/05/31 10:6 a.m.18 views

CVE-2006-2677

SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information...

5CVSS6.6AI score0.01377EPSS
Exploits0References3
securityvulns
securityvulns
added 2006/05/31 12:0 a.m.33 views

WebCalendar-1.0.3 reading of any files

Version: WebCalendar-1.0.3 Type: Reading of any files Description: ----------------------------- includes/config.php: line 64 if ! empty $includedir $fd = @fopen "$includedir/settings.php", "rb", true ; ...... while ! feof $fd $data .= fgets $fd, 4096 ; $configLines = explode "n", $data ; for $n ...

1.7AI score
Exploits0
0day.today
0day.today
added 2006/02/20 12:0 a.m.35 views

PHPSurveyor <= 0.995 (surveyid) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================================ PHPSurveyor works regardless of magicquotes gpc settings \r\n"; echo " with at least one row in 'surveys' table \r\n"; echo " and if we succeed to include logs \r\n"; echo...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.33 views

PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability

A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users ca...

7.5CVSS0.4AI score0.24599EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.24 views

PHP.EXE / Apache HTTP Server Win32 Arbitrary File Reading Vulnerability - Active Check

A configuration vulnerability exists for PHP.EXE cgi running on Apache HTTP Server for Win32 platforms. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.5CVSS6.6AI score0.24599EPSS
Exploits1References2
NVD
NVD
added 2004/12/31 5:0 a.m.7 views

CVE-2004-2353

BugPort before 1.099 stores its configuration file conf/config.conf under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information...

5CVSS6.5AI score0.01388EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.21 views

Serendipity <= 1.0-beta2 Blog Configuration PHP Code Injection

Binary data 3518.prm...

7.5CVSS7.3AI score0.01423EPSS
Exploits1References2
securityvulns
securityvulns
added 2004/08/12 12:0 a.m.35 views

ISS BlackIce Server Protect Unprivileged User Attack

Release Date: August 11, 2004 Severity: Medium Vendor: Internet Security Systems Software: BlackIce Server Protect 3.6cno and below Remote: Remotely Executable from Local and Trusted Networks Vulnerabilities: Unpriviledged User Attack Technical Details: Unpriviledged User Attack was originally...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2003/02/04 12:0 a.m.35 views

majordomo_leakage.txt

------------------------------------------------------------------------------- Title : Majordomo info leakage all versions Date : 03/02/2003 Article by : Marco van Berkum [email protected] Bug finder : Jakub Klausa [email protected] Investigated by : Jakub Klausa and Marco van Berkum...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2002/01/25 12:0 a.m.66 views

Apache Win32 ScriptAlias php.exe Arbitrary File Access

A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users ca...

7.5CVSS5.9AI score0.24599EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2002/01/13 12:0 a.m.30 views

CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (3)

source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves it's configuration to the .cdrdao file in a user's home directory,...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/10/16 12:0 a.m.212 views

[SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition&#40;Virus Buster Corporate Edition&#41; Configuration File Disclosure Vulnerability

---------------------------------------------------------------------- SNS Advisory No.44 Trend Micro OfficeScan Corporate EditionVirus Buster Corporate Edition Configuration File Disclosure Vulnerability Problem first discovered: Wed, 29 Aug 2001 Published: Tue, 16 Oct 2001...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2001/09/12 4:0 a.m.27 views

CVE-1999-1346

PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file...

6.5AI score0.01489EPSS
Exploits0References1
NVD
NVD
added 2001/08/31 4:0 a.m.12 views

CVE-2001-1065

Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack...

5CVSS6.5AI score0.01081EPSS
Exploits0References2
NVD
NVD
added 2001/05/03 4:0 a.m.18 views

CVE-2001-0326

Oracle Java Virtual Machine JVM for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the FilePermission...

7.5CVSS6.5AI score0.05322EPSS
Exploits1References3
securityvulns
securityvulns
added 2001/01/16 12:0 a.m.46 views

PHP Security Advisory - Apache Module bugs

Problems ========= 1 PHP supports a configuration mechanism that allows users to configure PHP directives on a per-directory basis. Under Apache, this is usually done using .htaccess files. Due to a bug in the Apache module version of PHP, remote 'malicious users' might be able to create a specia...

0.3AI score
Exploits0
NVD
NVD
added 2001/01/09 5:0 a.m.13 views

CVE-2000-1100

The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request...

7.5CVSS6.3AI score0.05707EPSS
Exploits1References2
Rows per page
Query Builder