1285 matches found
fastjar: directory traversal vulnerabilities
Absolute path traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an...
FreeBSD : php -- corruption of $GLOBALS and $this variables via extract() method (f3148a05-0fa7-11e0-becc-0022156e8794)
Off-by-one error in the sanity validator for the extract method allowed attackers to replace the values of $GLOBALS and $this when mode EXTROVERWRITE was used. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeB...
Fedora 13 : maniadrive-1.2-23.fc13 / php-5.3.4-1.fc13.1 / php-eaccelerator-0.9.6.1-3.fc13 (2010-19011)
Security Enhancements and Fixes in PHP 5.3.4 : - Fixed crash in zip extract method possible CWE-170. - Paths with NULL in them foo\0bar.txt are now considered as invalid CVE-2006-7243. - Fixed a possible double free in imap extension Identified by Mateusz Kocielski. CVE-2010-4150. - Fixed NULL...
PHP Zip Extract method denial of service vulnerability-vulnerability warning-the black bar safety net
Affected system: PHP PHP 5.3.3 PHP PHP 5.3.2 PHP PHP 5.3.1 PHP PHP 5.3 PHP PHP 5.2 - 5.3.2 Not affected system: PHP PHP 5.3.4 PHP PHP 5.2.15 Description: -------------------------------------------------------------------------------- BUGTRAQ ID: 4 5 3 3 5 PHP is a widely-used General-purpose...
PHP 5.2.x < 5.2.15 Multiple Vulnerabilities
Binary data 801097.prm...
PHP 5.2 < 5.2.15 Multiple Vulnerabilities
According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.15. Such versions may be affected by several security issues : - A crash in the zip extract method. - A possible double free exists in the imap extension. CVE-2010-4150 - An unspecified flaw exists in...
PHP 5.3.x < 5.3.4 Multiple Vulnerabilities
Binary data 5732.prm...
PHP 5.3 < 5.3.4 Multiple Vulnerabilities
Binary data 801074.prm...
php -- corruption of $GLOBALS and $this variables via extract() method
Off-by-one error in the sanity validator for the extract method allowed attackers to replace the values of $GLOBALS and $this when mode EXTROVERWRITE was used...
Sablog-X v2.x 任意变量覆盖漏洞
由于Sablog-x v2.x的common.inc.php里$EVO初始化处理存在逻辑漏洞,导致可以利用extract来覆盖任意变量,最终导致xss、sql注射、代码执行等很多严重的安全漏洞。 common.inc.php代码里: .... $onoff = functionexists'iniget' ? iniget'registerglobals' : getcfgvar'registerglobals'; if $onoff != 1 @extract$COOKIE, EXTRSKIP; @extract$POST, EXTRSKIP; @extract$GET,...
mysql_error() XSS Vulnerability
不正确使用mysqlerror导致的Vul。当然前提是$db可以覆盖,那么就很鸡肋了,或者就不能叫Vul了,O∩∩OJust For Fun mysqlerror http://hi.baidu.com/menzhi007/blog/item/7583dc0390316d7d3912bbbf.html ?php $db='menzhi007'; extract$GET; $link = mysqlconnect"localhost", "root", ""; mysqlselectdb$db, $link; echo mysqlerror$link; ?...
Web mirroring
This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote host. It is suggested that you allow a long-enough timeout value for this test routine and also adjust the setting on the number of pages to mirror. SPDX-FileCopyrightText: 2009 Renaud...
FreeWebShop Detection
Detection of FreeWebShop. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
php vulnerability session register_globals login security-vulnerability warning-the black bar safety net
The first to see this a simple piece of code When php. ini in the configuration registerglobals = Off, Without any problems, Output yes But When php. ini in the configuration registerglobals = On time, First run output yes And refresh, the display is no Obviously this is not normal, This is a ver...
Directory traversal
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter...
CVE-2008-6334
The CVE-2008-6334 entry concerns a directory traversal vulnerability in the download.php component of the eMetrix Extract Website, allowing remote attackers to read arbitrary files by supplying a .. in the filename parameter. This vulnerability is documented across multiple sources (NVD, CVEList,...
Fedora Update for exiv2 FEDORA-2007-4551
Check for the Version of exiv2 OpenVAS Vulnerability Test Fedora Update for exiv2 FEDORA-2007-4551 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Fedora Update for chmsee FEDORA-2008-8399
Check for the Version of chmsee OpenVAS Vulnerability Test Fedora Update for chmsee FEDORA-2008-8399 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Extract Website - Filename File Disclosure
Extract Website - Filename File Disclosure Extract Website download.php filename Local File Include author : Cold z3ro, http://www.hackteach.org/ script : http://secure.emetrix.com/order/product.asp?PID=74332316 demo : http://www.rightscripts.com/extractwebsite/ about : This tool help you extract...
Extract Website (download.php filename) File Disclosure Vulnerability
Exploit for unknown platform in category web applications ===================================================================== Extract Website download.php filename File Disclosure Vulnerability ===================================================================== Extract Website download.php...