933 matches found
JVN#92683325: Movable Type vulnerable to OS command injection
Movable Type contains an OS command injection vulnerability in its file management system. Impact: A user with a privilege to upload files may execute an arbitrary OS command. Solution: Update the software. Update to the latest version of each product according to the information provided by the...
Advanced File Management 1.4 Cross Site Scripting
ISlamic Republic Of IRan Security Team http://irist.ir/forum/ Advanced File Management v1.4 Cross-Site Scripting Vulnerabilities Download......: http://www.dl.p30script.ir/1390-7/Advanced-File-Management-v1.4P30Script.ir.rar Exploit.......: http://www.site.com/path/users.php?page=xss Google...
Advanced File Management 1.4 - users.php Cross-Site Scripting
Advanced File Management 1.4 - users.php Cross-Site Scripting source: https://www.securityfocus.com/bid/51339/info Advanced File Management is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
fims File Management System 1.2.1a - Multiple Vulnerabilities
Exploit Title: fims - File Management System execute"select from fimsuser where email='$email' and password=md5'$password'"; if $db-numrows$rs0 return true; else return false; Line 51 of index.php: if isset$REQUESTf assertisnumeric$REQUESTf; $file = getfiledata$gdb, $REQUESTf; header"Accept-Range...
fims File Management System 1.2.1a - Multiple Vulnerabilities
fims File Management System 1.2.1a - Multiple Vulnerabilities Exploit Title: fims - File Management System execute"select from fimsuser where email='$email' and password=md5'$password'"; if $db-numrows$rs0 return true; else return false; Line 51 of index.php: if isset$REQUESTf...
fims File Management System <= 1.2.1a Multiple Vulnerabilities
Exploit for php platform in category web applications 0day.today 2018-04-13...
Apple iTunes Multiple Security Vulnerabilities
CVE ID:...
Joomla Simple File Lister module <= 1.0 Directory Traversal Vulnerability
No description provided by source. Exploit Title: Joomla Simple File Lister module <= 1.0 Directory Traversal Vulnerability Google Dork: "Simple File Lister v1.0" "Files in directory" Date: 2011-08-28 Author: evilsocket evilsocket at gmail dot com Software Link:...
Joomla! Component mod_simpleFileLister 1.0 - Directory Traversal
Joomla! Component mod_simpleFileLister 1.0 - Directory Traversal Exploit Title: Joomla Simple File Lister module <= 1.0 Directory Traversal Vulnerability Google Dork: "Simple File Lister v1.0" "Files in directory" Date: 2011-08-28 Author: evilsocket evilsocket at gmail dot com Software Link:...
YothCMS traversal directory vulnerability-vulnerability warning-the black bar safety net
Preferably a science and technology enterprise website management system YothCMS is a completely open source free CMS that! YothCMS by Shijiazhuang preferably science and Technology Co., Ltd. The development of a completely open source build system, mainly for enterprises to quickly build simple,...
Adobe ColdFusion Remote Development Services Enabled Without Authentication
ColdFusion's Remote Development Services allow developers to use IDEs such as Dreamweaver to manage applications. The remote host has RDS enabled without authentication. This means that a remote attacker can read and write files on the affected system.
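Red Hat Enterprise Linux logrotate Arbitrary Command Execution and Information Disclosure Vulnerabilities
CVE ID: CVE-2011-1155, CVE-2011-1154, CVE-2011-1098 The logrotate program simplifies the management of multiple log files, allowing automatic rotation, compression, removal and mailing of log files. A shell command injection vulnerability exists in the way logrotate handles the shred directive; a specially crafted log file can cause logrotate to execute arbitrary commands with the privileges of the user running logrotate (root by default). Note: the shred directive is not enabled by default. A race condition exists in the way logrotate applies permissions when creating new log files; in some specific configurations, a local attacker can exploit this to open the new log file before logrotate applies the final permissions, which can lead to disclosure of sensitive information....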
[SECURITY] Fedora 15 Update: logrotate-3.7.9-8.fc15
The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation, compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log...
PPS 4.0 perl-cgi web shell
PPS 4.0 perl-cgi web shell This utility is intended for system administrators for remote management of their own server. Any illegal use of the script is punishable by law. SIZE: 55.88 KB last update - 12.07.2013 09:45 Cookie-based authorization SystemInfo - server information Fi...
Skyway Web Site Navigation System of any downloads, file deletion vulnerability and fix-vulnerability warning-the black bar safety net
Design flaws Vulnerabilityfiles: admin/addata.php Backup and Restore Database functions no management login authentication Look at the code.... case 'down': $filename or message'the file name cannot be empty'; filedown'../data/'.$ filename; break; case 'delete': unlink"../data/$GET'filenames'";...
WSO 2.5 (web shell)
This utility provides a web interface for remote work with the operating system and its services/daemons. Description of capabilities / features: Cookie-based authorization Server information File manager Copying, renaming, moving, deleting, chmod, touch, creating files and folders...
Tastydir 1.2 (1216) - Multiple Vulnerabilities
Exploit Title: Tastydir = 1216 folder creation vuln Date: Oct 17 2010 Author: R Software Link: http://codecanyon.net/item/tastydir-an-ajax-file-manager-and-dir-listing/117167 Version: 1216 Tested on: Ubuntu 10.10 Information: Tastydir is a cross-platform PHP file management system which allows yo...
Data/File upload and management Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications =================================================================== Data/File upload and management Arbitrary File Upload Vulnerability =================================================================== : Date: 14/10/2010 : : Author:...
Data/File Upload And Management Shell Upload
: Exploit Title: Data/File upload and management local shell upload : : Date: 14/10/2010 : : Author: saudi0hacker : : Software Link: http://resellscripts.info/index.php?route=product/product&productid=137 : : Version: All version : : Tested on: linux b0x : : Greetz to : All of my Friends :...
Data/File upload and management Arbitrary File Upload Vulnerability
No description provided by source. : Exploit Title: Data/File upload and management local shell upload : : Date: 14/10/2010 : : Author: saudi0hacker : : Software Link: http://resellscripts.info/index.php?route=product/product&productid=137 : : Version: All version : : Tested on: linux b0x : :...