350 matches found
Chevereto 1.91 - '/Upload/engine.php?v' Traversal Arbitrary File Enumeration
source: https://www.securityfocus.com/bid/53448/info Chevereto Image Upload Script is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker m...
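MyBB Avatar Parameter File Enumeration Information Disclosure Vulnerability
BUGTRAQ ID: 37489 MyBB is a popular web forum application. When changing a user's avatar, MyBB does not properly filter the avatar parameter before using it to check whether a file exists. Because the avatar change succeeds only when the file can be confirmed to exist, this may allow an attacker to enumerate existing files through a directory traversal attack. MyBB 1.4.10 Vendor patch: MyBB ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://dev.mybboard.net/issues/617...
Microsoft Windows Media Player ScriptCommand Information Disclosure Vulnerability
Bugtraq ID: 35335 Microsoft Windows Media Player is a popular media player application. When processing media files, Microsoft Windows Media Player does not properly restrict access to some functionality, and a remote attacker can exploit the vulnerability to obtain sensitive information. Building a malicious media file and enticing a user to process it can: - Hijack subframes in a web page that embeds the WMP object. - Lead to enumeration of local media files. - Be used to scan intranet IP addresses. - Obtain the target operating system version, language and CPU type. - Trigger covert FTP connections to arbitrary sites. Microsoft Windows Media Player 11 No solution is currently available:...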
CVE-2009-0142
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."...
Race condition
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."...
CVE-2009-0142
CVE-2009-0142 describes a race condition in the AFP Server of Apple Mac OS X 10.5.6 that can cause a denial of service (infinite loop) through unspecified vectors related to the file enumeration logic. The provided connected documents confirm the affected component and the nature of the impact, b...
Pligg settemplate.php template Parameter Local File Inclusion
The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...
Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection
Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...
Sun Java Web Console < 3.0.5 Remote File Enumeration
According to its version, the installation of Sun Java Web Console on the remote host may allow a local or remote unprivileged user to determine the existence of files or directories in access restricted directories, which could result in a loss of confidentiality. (C) Tenable Network Security, Inc...
SMB Shares File Enumeration (via WMI)
Binary data wmienumfiles.nbin...
SMB Share Files Enumeration
By connecting to the remote host with the supplied credentials, this plugin enumerates files listed on the remote share and stores the list in the knowledge base so that it can be used by other plugins. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
[SA19338] Baby FTP Server File Enumeration Weakness
TITLE: Baby FTP Server File Enumeration Weakness SECUNIA ADVISORY ID: SA19338 VERIFY ADVISORY: http://secunia.com/advisories/19338/ CRITICAL: Not critical IMPACT: Exposure of system information WHERE: From remote SOFTWARE: Baby FTP Server 1.x http://secunia.com/product/1626/ DESCRIPTION: Ziv Kami...
IBM AIX 5.3 - GetShell GetCommand File Enumeration
IBM AIX 5.3 - GetShell GetCommand File Enumeration source: https://www.securityfocus.com/bid/16102/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able t...
IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Enumeration
source: https://www.securityfocus.com/bid/16102/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able to see. -bash-3.00$./getCommand.new...
Walla TeleSite 3.0 - ts.cgi File Existence Enumeration
Walla TeleSite 3.0 - ts.cgi File Existence Enumeration source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path...
Walla TeleSite 3.0 - ts.exe?sug SQL Injection
Walla TeleSite 3.0 - ts.exe?sug SQL Injection source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path disclosur...
Walla TeleSite 3.0 - ts.exe?sug Cross-Site Scripting
Walla TeleSite 3.0 - ts.exe?sug Cross-Site Scripting source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path...
Walla TeleSite 3.0 - ts.exe?tsurl Arbitrary Article Access
Walla TeleSite 3.0 - ts.exe?tsurl Arbitrary Article Access source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and...
Walla TeleSite 3.0 - 'ts.exe?sug' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path disclosure, file enumeration, SQL injection, and...
Walla TeleSite 3.0 - 'ts.exe?tsurl' Arbitrary Article Access
source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path disclosure, file enumeration, SQL injection, and...