CVE-2007-4842

CVE-2007-4842 affects Enriva Development Magellan Explorer 3.32 build 2305 and earlier. It describes a directory traversal via .. in a filename that remote FTP servers can use to create/overwrite arbitrary files. The note indicates this can be leveraged for code execution by writing to a Startup ...

CVE-2007-4842

Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...

PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass

Application: PHP =5.2.4 Web Site: http://php.net Platform: unix Bug: safemode & openbasedir bypass ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Credits =========== 1 Introduction =========== "PHP is a widely-used general-purpose scripting...

PHP <=5.2.4 open_basedir bypass & code exec & denial of service

Application: PHP =5.2.4 Web Site: http://php.net Platform: unix Bug: openbasedir bypass & code exec & denial of service/some people call this as a buffer overflow , but it's a denial of service./ special condition: default php-memory-limit ------------------------------------------------------- 1...

[SECURITY] Fedora 7 Update: qgit-1.5.7-1.fc7

With qgit you are able to browse revisions history, view patch content and changed files, graphically following different development branches...

Lighttpd <= 1.4.16 FastCGI Header Overflow Remote Exploit

No description provided by source. / Remote Lighttpd + FastCGI + PHP example exploit Tested with Lighttpd 1.4.16 and PHP 5.2.4 To avoid abuse there's a "remove me" in the code. Example: ./exploit localhost 80 /etc/passwd or wget --referer="?php system'/usr/bin/id'; ?" localhost ./exploit localhos...

php524-basedir.txt

Application: PHP dll . / Bug: openbasedir bypass & code exec & denial of service/some people call this as a buffer overflow , but it's a denial of service./ special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept ...

[HISPASEC] 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal

HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal Class : Remote Directory Traversal Threat level : HIGH Discovered : 2007-08-14 Published : 2007-09-06 Credit : Gynvael Coldwind Vulnerable : 3.32 built...

PHP <= 5.2.4 multiple Iconv functions denial of service

Application: PHP =5.2.4 Web Site: http://php.net Platform: unix Bug: denial of service function: iconv,iconvstrlen,iconvmimedecode,iconvmimedecodeheaders special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4...

PHP < 5.2.3 fnmatch() denial of service

Application: PHP 5.2.3 Web Site: http://php.net Platform: unix Bug: denial of service fonction: fnmatch special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1 Introduction...

PHP < 5.2.4 setlocale() denial of service

Application: PHP 5.2.4 Web Site: http://php.net Platform: unix Bug: denial of service fonction: setlocale special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1 Introduction...

PHP <=5.2.4 iconv_substr() denial of service

Application: PHP =5.2.4 Web Site: http://php.net Platform: unix Bug: denial of service function: iconvsubstr special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1 Introduction...

SOL7854 - Web Applications Content Processing Scripts vulnerability

F5 Product Development tracked this issue as CR81839 and it was fixed in FirePass 6.0.2. For information about upgrading, refer to the FirePass release notes. Additionally, cumulative hotfix HF-552-10 has been issued for FirePass 5.5.2, cumulative hotfix HF-600-15 has been issued for FirePass 6.0...

Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : java (jre, jdk) (SSA:2007-243-01)

Sun has released security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. One such advisory may be found here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 Updated versions of both the jre and jdk packages are provided whic...

[slackware-security] java (jre, jdk)

Sun has released security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. One such advisory may be found here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 Updated versions of both the jre and jdk packages are provided whic...

java: Vulnerability in the font parsing code

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...

BMP image parser vulnerability

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

HTML files generated with Javadoc are vulnerable to a XSS

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting XSS vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

qt security update

CentOS Errata and Security Advisory CESA-2007:0721 Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and...

Windows RSH daemon 1.7 Remote Buffer Overflow Exploit

No description provided by source. / Attached and in-line is an exploit for a newly announced item on the WabiSabiLabi auction block. I hope this completely devalues the item so that the original finder dies of starvation. DON'T SELL BUGS THROUGH WABISABILABLA USE EXPLOITS TO HACK COMPUTERS INSTE...