7964 matches found
CVE-2007-5401
Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions...
CVE-2007-6676
The default configuration of Uber Uploader UU 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uufileupload.php, related to uufileupload.js and (b) uberuploaderfile.php, relat...
CVE-2007-6499
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id IIS value."...
Design/Logic Flaw
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id IIS value."...
CVE-2007-6499
The CVE-2007-6499 entry concerns Hosting Controller 6.1 Hotfix 3.3 and earlier. Affected component: the FrontPage extensions uninstall feature via the fp2002/UNINSTAL.asp endpoint, where a remote authenticated user could trigger uninstall of FrontPage extensions for an arbitrary account by supply...
hc-multi.txt
Title: Multiple Security Bugs In Hosting Controller Critical: Extremely critical Impact: Full system administrator access Vendor: Hosting Controller Version: 6.1 Hot fix = 3.3 Vendor URL: www.hostingcontroller.com Solution: N/A From company - There is temporary solution in this report Exploit:...
[SECURITY] Fedora 8 Update: epiphany-extensions-2.20.1-4.fc8
Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser...
[SECURITY] Fedora 7 Update: epiphany-extensions-2.18.3-6
Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser...
Fedora 7 : epiphany-extensions-2.18.3-2 (2007-1155)
Updated Firefox packages that fix several security bugs are now available for Fedora 7. Users of epiphany-extensions are advised to upgrade to this errata package, which has been rebuilt against the updated Firefox package. Note that Tenable Network Security has extracted the preceding descriptio...
Fedora 7 : blam-1.8.3-7.fc7 / epiphany-extensions-2.18.3-4 (2007-2668)
An update to Firefox version 2.0.0.8 was recently pushed which resolves some security issues. Users of Blam and Epiphany Extensions are advised to upgrade to these erratum packages, which have been rebuilt against the updated Firefox packages. Note that Tenable Network Security has extracted the...
CIFS should honor umask
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges...
Unrestricted file upload
Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS...
CVE-2007-5738
The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html...
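GNUBoard Upload Vulnerability
GNUBoard is a BBS system widely used in Korea. Because some of its scripts do not adequately filter input, arbitrary files can be uploaded, and system commands can even be executed with the web server's privileges, which by default are those of nobody. GNUBoard None at this time $source = array "/.php/", "/.htm/", "/.cgi/", "/.pl/"; $target = array ".phpx", ".htmx", ".cgix", &q...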
[SECURITY] Fedora 7 Update: epiphany-extensions-2.18.3-4
Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser...
Boa 0.93.15 HTTP Basic Authentication Bypass Exploit
No description provided by source. / Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions Original Advisory: http://www.securityfocus.com/archive/1/479434 http://www.ikkisoft.com/stuff/SN-2007-02.txt Luca "ikki" Carettoni http://www.ikkisoft.com / ---- !/usr/bin/env...