SOL4009 - Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
These vulnerabilities are described as methods under which an attacker could generate a PNG file that would cause applications that use libpng to execute arbitrary code. Since an attacker would require root access to the BIG-IP or 3-DNS in order to exploit this vulnerability, it is considered to ...
SOL4743 - Inadequate validation for TCP segments CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appe...
CVE-2007-2466
CVE-2007-2466 affects the LDAP Software Development Kit (SDK) for C used in Sun Java System Directory Server 5.2 (up to Patch 4) and Sun ONE Directory Server 5.1. The vulnerability is described as unspecified but enables remote attackers to cause a denial of service (crash) via certain BER encodi...
GLSA-200704-17 : 3proxy: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200704-17 (3proxy: Buffer overflow). The 3proxy development team reported a buffer overflow in the logurl function when processing overly long requests. Impact: A remote attacker could send a specially crafted transparent request to...
WebSpeed Development Mode Check
The remote web server is using WebSpeed, a website creation language used with database-driven websites. The installation of WebSpeed on the remote host is configured to operate in 'Development' rather than 'Production' mode, which could allow users to discover sensitive information and even run...
WebSpeed Workshop Arbitrary Command Execution
The remote web server appears to be using WebSpeed, a website creation language used with database-driven websites. The installation of WebSpeed on the remote host is configured to operate in 'Development' mode and allows access to the WebSpeed Workshop, an environment intended for developing...
CVE-2007-2178
Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors...
CVE-2007-2178
CVE-2007-2178 affects Objective Development Sharity prior to 3.3. The vulnerability set allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. The connected documents provide the affected product and impact but do not specify the root cause, exact exploit vec...
CVE-2007-2089
Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/...
CVE-2007-2089
The CVE-2007-2089 entry covers multiple PHP remote file inclusion (RFI) vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo/Joomla!. The underlying issue is unsafe handling of the absolute_path parameter to com_articles.php, in either components/ or classes/html/, al...
joomlanew-rfi.txt
Mambo/Joomla Component New Article Component = 1.1 absolutepath Multiple RFI. Found By : Cold z3ro , [email protected] Homepag...
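PHP Hash_Update_File Freed Resource Access Code Execution Vulnerability
PHP is a widely used web development scripting language. PHP hash_update_file has a design flaw: a remote attacker could exploit this vulnerability to gain access to freed memory and overwrite it with malicious data to execute arbitrary code. The problem exists in the GD functions: after the resource data has been obtained through the resource identifier, usercode can be used to interrupt the PHP function; the usercode then destroys the resource and allocates a PHP string of the same size so that it occupies the same memory location as the freed resource. This string can be used to build a specially crafted resource that allows internal PHP functions to be exploited; when the malicious interruption ends, the function continues to use the substitute resource data, leading to arbitrary code execution. To obtain the required function interruption, it is usually necessary to place an object in one of the function's parameters, which triggers a PHP error when an overly long value is converted....
PHP GD Extension Freed Resource Access Vulnerability
PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. A flaw exists in the mechanism PHP GD uses to handle resources; a local attacker could exploit this vulnerability to elevate privileges....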
[ECHO_ADV_72$2007] CARE2X (root_path) Remote File Inclusion Vulnerability
[ECHO_ADV_72$2007] CARE2X (root_path) Remote File Inclusion Vulnerability. Author : Dedi Dwianto a.k.a theday. Date Found : March, 13th 2007...
Talking about virtual communities, security bug found and exploit-vulnerability warning-the black bar safety net
Author: Wang gang. This article was published in Hacker Handbook magazine (http://www.nohack.cn), which holds the copyright; please indicate the source when reproducing it. Personal website: www.itheroes.cn. There are now many forums and communities on the network, and the vast majority of the forums are using some free ...
Company WebSite Builder PRO 1.9.8 - 'INCLUDE_PATH' Remote File Inclusion
ECHOADV76$2007 Company WebSite Builder PRO INCLUDE_PATH Remote File Inclusion Vulnerability...
Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability...