2494 matches found
StrawBerry 1.1.1 - Local File Inclusion / Remote Command Execution
<?php /* StrawBerry 1.1.1 LFI / Remote Command Execution Exploit. Site: http://strawberry.goodgirl.ru/ magic_quotes_gpc = Off. Author: AVT. Date: 10.05.09. My Site: http://antichat.ru/ */ set_time_limit(0); error_reporting(0); list($cli, $host, $path) = $argv; if ($argc != 3) print...
CVE-2008-4830
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method...
CVE-2008-6592
CVE-2008-6592 affects Thumbsup/Thumbs-Up 1.12 used in LightNEasy “no database” (flat) and SQLite 1.2.2 and earlier. The issue is a directory traversal vulnerability in the image parameter, exploitable via a modified cache_dir containing a %00 (encoded null byte), allowing remote attackers to copy...
Femitter FTP Server 1.x Traversal / File Manipulation
Femitter Server FTP 1.x Multiple Vulnerability. Arbitrary: The vulnerability is caused due to an input validation error when processing FTP requests. This can be exploited to read, modify, or delete arbitrary files from the affected...
Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities
Femitter Server FTP 1.x Multiple Vulnerability. Arbitrary: The vulnerability is caused due to an input validation error when processing FTP requests. This can be exploited to read, modify, or delete arbitrary files from the affected...
FFFTP LIST Command Directory Traversal Vulnerability
This host is installed with FFFTP Client and is prone to a directory traversal vulnerability. OpenVAS Vulnerability Test $Id: gbffftplistcmddirtraversalvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ FFFTP LIST Command Directory Traversal Vulnerability. Authors: Nikita MR Copyright: Copyright (c) 2009...
CVE-2008-5966
globsyedit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter...
CVE-2009-0134
Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by...
JHead: Multiple vulnerabilities
Background: JHead is an exif jpeg header manipulation tool. Description: Marc Merlin and John Dong reported multiple vulnerabilities in JHead: A buffer overflow in the DoCommand function when processing the cmd argument and related to potential string overflows (CVE-2008-4575). An insecure creation o...
CVE-2008-5658
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences...
A simple PHP source code disclosure vulnerability excavation - vulnerability warning - the black bar safety net
We know that SQL injection is the most common issue in ASP, but in PHP, when magic_quotes_gpc is on, special characters are escaped, so even where SQL injection exists it often cannot be used. But PHP has powerful file operation functions, so that we can experience in asp c...
KLA10352 Multiple vulnerabilities in Symantec Backup Exec
Multiple serious vulnerabilities have been found in Symantec Backup Exec. Malicious users can exploit these vulnerabilities to bypass auth, read / delete files, cause denial of service and possibly execute arbitrary code. Below is a complete list of vulnerabilities: 1. Vectors related to the...
CVE-2008-5407
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors...
CVE-2008-5275
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this c...
Directory traversal
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this c...
CVE-2008-5155
mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header. or (2) /tmp/body. temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file...
Exodus 0.10 (uri handler) Arbitrary Parameter Injection Vulnerability
Exploit for unknown platform in category remote exploits. Exodus 0.10 uri handler Arbitrary Parameter Injection Vulnerability...
GLSA-200811-05 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200811-05 (PHP: Multiple vulnerabilities). Several vulnerabilities were found in PHP: PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution i...
PHP: Multiple vulnerabilities
Background: PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description: Several vulnerabilities were found in PHP: PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security...
CVE-2008-5002
CVE-2008-5002 affects Chilkat Crypt ActiveX Control (ChilkatCrypt2.dll 4.3.2.1). The Insecure method vulnerability allows remote creation/overwrite of arbitrary files via the WriteFile method, with potential code execution through startup-folder DLLs or hcp:// URLs. Public PoCs/exploits exist (e....