CVE-2007-1639
PHProjekt 5.2.0 contains an unrestricted file upload vulnerability (CVE-2007-1639) that allows an authenticated user to upload a PHP payload and execute code via a file with an executable extension, when magic_quotes_gpc is disabled. The issue can be triggered through modules such as calendar or ...
n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.006 14-Mar-2007 Vendor: Mayflower GmbH, http://www.mayflower.de Affected Products: PHProjekt 5.2.0 Vulnerability: Privilege escalation Risk: HIGH Vendor communication: 2006/12/31 initial notification of Mayflower 2007/01/02...
Microsoft Windows Vista/2003/XP/2000 file management security issues
Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially other vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...
Ce-Admin news publishing system vulnerability analysis-vulnerability warning-the black bar safety net
The news publishing system is currently used mainly for picture news releases. Because it generates HTML, browsing is very fast, which has led to a number of modified versions; at least 4 modified versions have been found so far, and it has a large user base. Although modified, there are still...
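Total Commander arbitrary file deletion vulnerability
Total Commander is a disk file management program. Total Commander has an input validation error that a local attacker can exploit to delete arbitrary system files. The problem lies in how Total Commander handles maliciously crafted RAR files: because of the input validation flaw, system files can be deleted or corrupted, resulting in a denial of service. Total Commander Total Commander Upgrade: Total Commander Total Commander 0 Total Commander Total Commander 6.56 http://www.ghisler.com/download.htm...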
Quietly telling you how hackers plant Trojan horses on your system-vulnerability warning-the black bar safety net
I believe that many friends have heard of Trojans and always feel they are very mysterious and very difficult, but in fact, as Trojan software has become more intelligent, a lot of hackers are able to easily achieve their attack purpose. Today, the author in the latest of a Trojan horse-the black hole 2004, fro...
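Cisco VPN 3000 Concentrator FTP arbitrary file access vulnerability
Cisco VPN 3000 Concentrator is a VPN network communication solution. A problem exists when the Cisco VPN 3000 Concentrator performs file management over FTP; a remote attacker can exploit the vulnerability to access arbitrary files in the context of the FTP service process. The Cisco VPN 3000 series can be configured to use the FTP protocol to manage files stored on the concentrator, such as configuration files and certificates; files can be uploaded or downloaded. Two vulnerabilities exist when FTP is enabled as the file management protocol, and they can be exploited by executing the following FTP commands: CWD MKD CDUP RNFR SIZE RMD For a more detailed description of the vulnerabilities, see the following link (viewable by registered users):...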
Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ================================================================= Plume CMS 1.1.3 dbinstall.php Remote File Include Vulnerability =================================================================...
Plume CMS 1.1.3 - 'dbinstall.php' Remote File Inclusion
/------------------------------------------------ IHS Public advisory -------------------------------------------------/ Plume CMS Remote File Inclusion It uses PHP and MySql. With a single installation of Plume you can have multiple websites, file management, multiple authors with different righ...
Jemscripts Download Control v1.0
Jemscripts Download Control v1.0 Homepage: http://www.jemscripts.co.uk Description: DownloadControl provides a complete download file management system that is easy to set-up and maintain and yet gives you powerful features for controlling and monitoring your site download files. You will need to...
CVE-2003-1298
Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortalphp 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot)...
vis.pl.txt
Hackers Center Security Group http://www.hackerscenter.com/ spher3's Security Advisory Multiple transversal bug in vis.pl -------------------------------------------------------------------------- Description: Vis.pl is a perl script which manages files in order to show these; you can find it in...
[HSC] Multiple transversal bug in vis
Hackers Center Security Group http://www.hackerscenter.com/ spher3's Security Advisory Multiple transversal bug in vis.pl -------------------------------------------------------------------------- Description: Vis.pl is a perl script which manages files in order to show these; you can find it in...
adv20060116.txt
========================================================== Title: Directory traversal in phpXplorer Application: phpXplorer Vendor: http://www.phpxplorer.org Vulnerable Versions: 0.9.33 Bug: directory traversal Date: 16-January-2006 Author: Oriol Torrent Santiago References:...
phpXplorer XSS vuln.
phpXplorer XSS vuln. Vuln. discovered by: r0t Date: 16 dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/phpxplorer-xss-vuln.html vendor: http://www.phpxplorer.org/ affected version: 0.9.12 and prior Product Description: phpXplorer is a free open source file management system / explor...
CVE-2005-3773
Technical details about CVE-2005-3773 are not publicly provided in the supplied documents; monitor for updates.
[SECURITYREASON.COM] SQL injection and XSS in paFileDB
-= SecurityReason-2005-SRA03 =- -= SQL injection and XSS in paFileDB =- Author: sp3x Date: 12 March 2005 Affected software : =================== paFileDB version : =3.1 Description : ============= paFileDB is designed to allow webmasters have a database of files for download on their site. To add...
PHPInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
PHPInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion !/usr/bin/perl use LWP::Simple; use IO::Socket::INET; while1 $numr = int rand9999; $caxe = "."; $caxe1 = "."; $caxe .= rand9999; $caxe1 .= rand9999; $arq = "."; $arq = int rand9999; opensites,"$arq"; print sites ""; closesites;...
RHEL 2.1 : fileutils (RHSA-2003:016)
Updated fileutils packages are available which fix a race condition in recursive remove and move commands. The fileutils package includes a number of GNU versions of common and popular file management utilities. A race condition in recursive use of rm and mv commands in fileutils 4.1 and earlier...
Outlook Express HTML file writing
During reply to a message with HTML file attached this file is saved to known location...