1015 matches found
CVE-2009-3461
Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors...
CVE-2009-3461
Adobe Acrobat 9.x before 9.2 is affected by an unspecified vulnerability that allows bypassing intended file-extension restrictions via unknown vectors. The issue affects Acrobat on affected builds and can lead to complete confidentiality/integrity/availability impact per CVSS 9.3. Remediation re...
Mambo 4.6.3 arbitrary file upload
Step 1 Using post method send file to: http://victim.com/mambo4.6.5/mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php?Command=FileUpload file should have one of the following extensions: zip, doc, xls, pdf, rtf, csv, jpg, gif, jpeg, png, avi, mpg, mpeg, swf, fla...
Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution
Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution Advisory: Papoo CMS: Authenticated Arbitrary Code Execution The Papoo CMS allows authenticated users to upload GIF, JPG and PNG images if they have the "upload images" privilege, which is true for all default groups that can access the...
Teach you the use of cmd cheat anti-virus and firewall-vulnerability warning-the black bar safety net
We can rename SkSockServer.exe to sk.jpg. In this case, antivirus software will not detect it. When you double-click a program whose extension has been changed this way, the system asks how to open it, which means Windows does not recognize it. But from the cmd command line it can...
SugarCRM 5.2.0e - Remote Code Execution
SugarCRM 5.2.0e - Remote Code Execution SugarCRM 5.2.0e Remote Code Execution Name Remote Code Execution in SugarCRM Systems Affected Sugar CRM 5.2.0e and possibly earlier versions Severity High Impact CVSSv2 High 8/10, vector: AV:N/AC:L/Au:S/C:P/I:C/A:P Vendor http://www.sugarcrm.com Advisory...
Windows 7 retains Windows Explorer security risk
From InformationWeek Thomas Claburn Windows 7 RC is now available, but Microsoft’s new operating system could use a bit more tinkering to improve security. Specifically, Windows Explorer provides a way to hide a file’s extension. Virus writers use this feature to disguise executable files as...
Using cmd hide from anti-virus and firewall method-vulnerability warning-the black bar safety net
We can rename SkSockServer.exe to sk.jpg. In this case, antivirus software will not detect it. When you double-click a program whose extension has been changed this way, the system asks how to open it, which means Windows does not recognize it. But from the cmd command line it can...
Lanius CMS 0.5.2 - Arbitrary File Upload
Lanius CMS 0.5.2 - Arbitrary File Upload = 0.4.6 and Lanius CMS $maxsz 53. return sprintfUPLOADTOOBIG, convertbytes$filesz, convertbytes$maxsz; 54. 55. $thyname = basenameurldecode$FILES$elem'name'; 56. if isset$allowedext 57. $ext = fileext$thyname; 58. if $ext==='' || !inarray$ext, $allowedext...
Family Connection 1.8.2 File Upload
Salvatore "drosophila" Fresta + Application: Family Connection + Version: uploadDocument$FILES'doc''type', $FILES'doc''name', $FILES'doc''tmpname' ... function uploadDocument $filetype, $filename, $filetmpname global $LANG; $knownphototypes = array'application/msword' = 'doc', 'text/plain' = 'txt...
SkaDate Online 7 Remote Shell Upload Vulnerability
No description provided by source. SkaDate Dating Remote Shell Upload Script: http://www.bpowerhouse.com/demos/traveling ---------------------------------------------------------- home: yildirimordulari.com online if you wanna help you must register to my site and I will help you xD home:...
SkaDate Online 7 Shell Upload
SkaDate Dating Remote Shell Upload Script: http://www.bpowerhouse.com/demos/traveling ---------------------------------------------------------- home: yildirimordulari.com online if you wanna help you must register to my site and I will help you xD home: yildirimordulari.com eger yardim...
SkaDate Online 7 - Arbitrary File Upload
SkaDate Dating Remote Shell Upload Script: http://www.bpowerhouse.com/demos/traveling ---------------------------------------------------------- home: yildirimordulari.com online if you wanna help you must register to my site and I will help you xD home: yildirimordulari.com eger yardim...
Code injection
The SaveDoc method in the AllInTheBox.AllBox ActiveX control in ALLINTHEBOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by ...
Gallery Kys 1.0 Password Disclosure / XSS
START 0x01 Informations: Script : Gallery Kys 1.0 Download : http://www.advancescripts.com/djump.php?ID=6285 Vulnerability : Admin Password Disclosure / Permanent XSS Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bug: Admin Password Disclosure Bugged file is:...
CVE-2008-5543
Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as...
CVE-2008-5537
PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as...
CVE-2008-5536
Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as...
CVE-2008-5533
K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg...
Design/Logic Flaw
Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt...