1015 matches found
IBM Sametime Meet Server 8.5 Arbitrary File Upload
Exploit Title: IBM Sametime Meet Server 8.5 Arbitrary File Upload Google Dork: intitle:"New Meet - IBM Lotus Sametime" Date: 11/08/2014 CVSS Score: http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3088...
eyeos <= 1.9.0.2 - Stored XSS vulnerability using image files
No description provided by source. Title: eyeOS <= 1.9.0.2 Stored XSS vulnerability using image files Product: eyeOS <= 1.9.0.2 Author: Alberto Ortega @a0rtega albertoatpentboxdotnet http://securitybydefault.com/ - Summary: A stored XSS vulnerability using image files jpg, png, gif tested affects t...
Microsoft Outlook Express 4.x/5.x/6.0 Attachment Processing File Extension Obfuscation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13837/info Microsoft Outlook Express is prone to an attachment file extension obfuscation vulnerability that may present a risk under certain configurations. The issue manifests due to Microsoft Outlook Express behavior...
Geeklog <= 1.6.0sr2 - Remote File Upload
No description provided by source. Geeklog <= v1.6.0sr2 - Remote File Upload Discovered: JaL0h Software Site: http://www.geeklog.net Dork: By Geeklog Created this page in +seconds +powered...
Shadowed Portal <= 5.7d3 Remote Command Execution Exploit
No description provided by source. #!/usr/bin/python # -*- coding: iso-8859-15 -*- ''' This is a Public...
Microsoft IIS 4.0/5.0 Malformed File Extension DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1190/info Sending a specially crafted URL containing malformed file extension information to Microsoft IIS 4.0/5.0 will consume CPU usage until it reaches 100% which will halt the program's services. Restarting the...
imacs CMS 0.3.0 - Unrestricted File Upload Exploit
No description provided by source. <?php /* .. CWH Underground Hacking Team .. Exploit Title : imacs CMS...
AspxCommerce 2.0 - Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: AspxCommerce v2.0 - Arbitrary File Upload Vulnerability Exploit Author: SANTHO Vendor Homepage: http://www.aspxcommerce.com/ Version: Version 2.0 and below Introduction: AspxCommerce is a complete e-Commerce solution for setting up a fully...
Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26939/info Apache is prone to an information-disclosure vulnerability. This issue occurs because Apache fails to properly associate file extensions with the correct engines when handling specially crafted requests for fil...
iScripts SocialWare 2.2.x Arbitrary File Upload Vulnerability
No description provided by source. iScripts SocialWare 2.2.x Arbitrary File Upload Vulnerability Name iScripts SocialWare Vendor http://www.iscripts.com Versions Affected 2.2.x Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com...
Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
No description provided by source. ScanAlert Security Advisory - http://www.scanalert.com Directory Listing in Apache Tomcat 5.x.x Date: 07/21/2006 Vendor: Apache Package: Tomcat Versions: 5.x.x (5.0.28, 5.5.12, 5.5.9, and 5.5.7 confirmed) Credit: ScanAlert's Enterprise Services Team. Overview:...
DM Filemanager 3.9.11 Arbitrary File Upload Vulnerability
No description provided by source. <?php /* DM Filemanager fckeditor Remote Arbitrary File Upload Exploit Vendor: www.dutchmonkey.com Download :...
Constructr CMS 3.03 Arbitrary File Upload
No description provided by source. #!/usr/bin/env perl Constructr CMS 3.03 Arbitrary File Upload Author: plucky Email: [email protected] Vulnerable Page: /constructr/backend/media.php line App Download: http://sourceforge.net/projects/constructr/ Date: 23/03/2011 THX TO: yawn, shrod, h473 and...
adaptbb 1.0b Multiple Vulnerabilities
No description provided by source. Salvatore "drosophila" Fresta + Application: AdaptBB + Version: 1.0 Beta + Website: http://sourceforge.net/projects/adaptbb/ + Bugs: (A) Multiple Blind SQL Injection (B) Multiple Dynamic Code Execution (C) Arbitrary File Upload + Exploitation: Remote + Date: 09 Apr 2009...
Yahoo! Messenger 8.0.0.863 File Extension Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19353/info A vulnerability in Yahoo! Messenger allows remote attackers to spoof file extensions. This issue is due to a design error. An attacker may leverage this issue to spoof downloaded filenames to unsuspecting users...
Input validation
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension...
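phpdisk V7: one injection (data returned directly).
Brief description: PHPDisk network-disk system v7.0, 20140529 update: fixed cloud upload failing to display files; some hosts unable to use the system CAPTCHA. It's the Dragon Boat Festival holiday, time to get going. Details: WooYun: phpdisk V7 sql injection 2. After that hole was disclosed, let's look at how phpdisk fixed it. $file = unserializebase64decode$data; /foreach$file as $k=$v $file$k = $db-escape$file$v; / //I don't understand why this is commented out; if it weren't commented out, this problem wouldn't occur. $filefileid = int$filefileid; $filefilesize ...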
CVE-2014-2720
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as...
Design/Logic Flaw
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as...