793 matches found
Code injection
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php...
Buffer overflow principles in plain language (draft) - vulnerability warning - the black bar safety net
First of all, what is described here is explained in plain language only. These are just some ideas; after all, I also feel trepidation. If there is anything you do not understand, as long as you keep reading this article to the end, you will gain a preliminary understanding of the buffer overflow concept...
Multiple vulnerabilities in SimpleViewerAdmin
+++++++++++++++++++++++++++++++++++++++++++++++ Multiple vulnerabilities in SimpleViewerAdmin +++++++++++++++++++++++++++++++++++++++++++++++ Affected products: SimpleViewerAdmin v1.7, possibly earlier versions as well. +++++++++++++++++++++++++++++++++++++++++++++++ Description: SimpleViewerAdmin - ...
CVE-2005-1648
Gurgens GASoft Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords...
CVE-2005-1647
CVE-2005-1647 affects Gurgens (GASoft) Guest Book 2.1. The vulnerability arises because db/Genid.dat is stored under the web document root with insufficient access control, allowing remote attackers to obtain and decrypt usernames and passwords. Red Hat and CVE listings corroborate this issue. Th...
CVE-2005-1055
CVE-2005-1055 (TowerBlog): TowerBlog 0.6 and earlier stores the login data file under the web root, enabling remote access to the file via a direct request to the _dat/login path. This exposes MD5 checksums of usernames and passwords, constituting a partial confidentiality impact. The connected r...
CVE-2005-0229
CVE-2005-0229 affects CitrusDB up to version 0.3.5, where a temporary file newfile.txt is stored under the web root and can be accessed via HTTP (e.g., /io/newfile.txt), enabling remote attackers to exfiltrate credit card data. The vulnerability arises from storing sensitive data in a web-accessi...
Multiple vulnerabilities in Ultimate PHP Board (UPB) Version 1.5
Multiple vulnerabilities in Ultimate PHP Board UPB Version 1.5 Script: Ultimate PHP Board UPB Version 1.5 Author: PHP Outburst http://www.myupb.com/ Exploit: yes In the scripts: adminmembers.php adminban.php adminbannedaddresses.php adminbanuser.php admincat.php adminconfig.php adminconfigdo.php...
CVE-2002-0259
InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges...
InstantServers MiniPortal Multiple Vulnerabilities
Strumpf Noir Society Advisories ! Public release ! -- -= InstantServers MiniPortal Multiple Vulnerabilities =- Release date: Saturday, February 9, 2002 Introduction: InstantServers' MiniPortal provides a complete solution for fast and easy web site hosting on a Windows PC. It features an Apache-...
CVE-1999-0854
CVE-1999-0854 affects Ultimate Bulletin Board. The issue arises because data files are stored in the cgi-bin directory, enabling remote viewing by an attacker when the HTTP server erroneously tries to execute such files. Documentation in PT-1999-1407 confirms affected software but does not specif...
linuxfs.txt
http://www.rootshell.com/ Date: Sun, 5 Jul 1998 10:12:43 +0200 From: Michal Zalewski Subject: Linux kernel filesystem oddities -----BEGIN PGP SIGNED MESSAGE----- Any amount of data, overriding quotas and kernel resource limits, can be stored in root-owned +t directory like /tmp - inside...
topdesk.passwd.txt
Date: Mon, 15 Feb 1999 14:05:52 GMT From: dapozza To: [email protected] Subject: lame TOPdesk program encryption Hi all, I was just playing with a program called TOPdesk, it's a helpdesk program and you have the usual login for normal users and superusers. I don't know if this is a Dutch only...