Design/Logic Flaw

AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a...

CVE-2008-5525

ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extensio...

Design/Logic Flaw

DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extension, a...

Hardcoded credentials

Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extensio...

Design/Logic Flaw

K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg...

Design/Logic Flaw

Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extension, as...

CVE-2008-5525

ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extensio...

CVE-2008-5543

Symantec AntiVirus SAV 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extension, as...

dvbbs7. 0 and 8. 0 access backstage to get webshell-vulnerability warning-the black bar safety net

Create a new database file, named a. mdb Create a new text file, 命名为b.txt and write the word Trojan At the command line enter the command copy a. mdb/b+b. txt/b c. mdb Get the c. mdb is already inserted into the word Trojan in the database Then in the posting the place to upload attachments, the...

Iamma Simple Gallery 1.0/2.0 Arbitrary File Upload Vulnerability

No description provided by source. Found by: X0r Iamma Simple Gallery Arbitrary File Upload Version: 1,2 ? Email: evolutionteam.x0atgmaildotcom Script Download:http://www.matteoiammarrone.com/public/modules.php?name=Downloads&dop=getit&lid=4 Script Download...

Iamma Simple Gallery 1.02.0 - Arbitrary File Upload

Iamma Simple Gallery 1.02.0 - Arbitrary File Upload Found by: X0r Iamma Simple Gallery Arbitrary File Upload Version: 1,2 ? Email: evolutionteam.x0atgmaildotcom Script Download:http://www.matteoiammarrone.com/public/modules.php?name=Downloads&dop=getit&lid=4 Script Download...

PHP FastCGI模块文件扩展拒绝服务漏洞

BUGTRAQ ID: 31612 CVE ID：CVE-2008-3660 CNCVE ID：CNCVE-20083660 PHP FastCGI是一款用于提高PHP性能的模块。 PHP FastCGI不正确处理部分文件请求，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 1，ext/gd's imageloadfont函数存在溢出。 2，PHP内部memnstr函数作为explode函数导出到用户空间存在溢出。 这些函数接收部分webapps中用户提供的数据，可远程利用。 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard...

Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit

No description provided by source. ?php / ------------------------------------------------------------------------ Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ------------------------------------------------------------------------ author...: EgiX mail.....:...

Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit

Exploit for unknown platform in category web applications ======================================================================== Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ======================================================================== ?php /...

cmsworks-upload.txt

array"zip","doc","xls","pdf","rtf","csv","jpg","gif","jpeg","png","avi","mpg","mpeg","swf","fla", with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions isn't properly checked / errorreporting0...

cmsWorks 2.2 RC4 - &#039;FCKeditor&#039; Arbitrary File Upload

array"zip","doc","xls","pdf","rtf","csv","jpg","gif","jpeg","png","avi","mpg","mpeg","swf","fla", with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions isn't properly checked / errorreporting0...

Achievo 1.3.2 - FCKeditor Arbitrary File Upload

Achievo 1.3.2 - FCKeditor Arbitrary File Upload array"zip","doc","xls","pdf","rtf","csv","jpg","gif","jpeg","png","avi","mpg","mpeg","swf","fla", with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file...

cmsmadesimple-upload.txt

?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

Coppermine &lt;=1.4.16 [Content-type] SQL-injection Exploit

Coppermine =1.4.16 Content-type SQL-injection Exploit 1 Дата: Найдена: April 9, 2008 Пропатчена: April 11, 2008 http://forum.coppermine-gallery.net/index.php/topic,51787.0.html 2 Продукт: Coppermine Photo Gallery =1.4.16 3 Уязвимость: SQL-injection в Content-type при загрузке удаленных файлов...

phpCMS 1.2.2 (parser.php file) Remote File Disclosure Vulnerability

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-005 Application: phpCMS Versions Affected: 1.2.2 Vendor URL: http://www.phpcms.de Bug: Remote File Disclosure, Get admin password Exploits: YES Reported: 10.01.2008 Vendor response: 12.01.2008 Date of...