db Software Laboratory VImpX (VImpX.ocx) Multiple Vulnerabilities

No description provided by source. ----------------------------------------------------------------------------- db Software Laboratory VImpX VImpX.ocx Multiple vulnerabilities url: http://www.dbsoftlab.com/ Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.net Info: File:...

CVE-2008-4579

The 1 fenceapc and 2 fenceapcsnmp programs, as used in a fence 2.02.00-r1 and possibly b cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file...

CVE-2008-4579

CVE-2008-4579 is tied to the fence components (fence_apc and fence_apc_snmp) used by fence 2.02.00-r1 and possibly cman. The vulnerability arises from insecure temporary file handling in verbose mode, enabling a local attacker to perform a symlink attack against the apclog file and append data to...

CVE-2008-4453

The GdPicture 1 Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control gdpicture4s.ocx 4.7.0.1 and 2 Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control gdpicturepro5s.ocx 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method...

Remote code execution

The GdPicture 1 Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control gdpicture4s.ocx 4.7.0.1 and 2 Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control gdpicturepro5s.ocx 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method...

CVE-2008-3872

Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations...

CVE-2008-4319

fileadmin.php in Libra File Manager aka Libra PHP File Manager 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string...

CVE-2008-4319

CVE-2008-4319 affects Libra File Manager (Libra PHP File Manager) up to version 1.18. The vulnerability allows remote attackers to bypass authentication and read, modify, or list arbitrary files/directories by injecting certain query parameters (e.g., user and isadmin) in fileadmin.php. The NVD e...

CVE-2008-4192

The pservershutdown function in fenceegenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file...

Gentoo Security Advisory GLSA 200409-32 (getmail)

The remote host is missing updates announced in advisory GLSA 200409-32. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD Ports: qpopper

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

linux/x86 connect back.send.exit /etc/shadow 155 bytes

No description provided by source. ; CoDed by 0in ; Dark-Coders Group Productions ; Linux x86 connect back&send&exit /etc/shadow 155 byte shellcode ; www.dark-coders.pl ; Contact: 0indotemailatgmaildotcom ; Greetings to:dieAngel,suN8Hclf,m4r1usz,cOndemned ; Compile: ; nasm -f elf shellcode.asm ; ...

Dayfox Blog 4 - Multiple Local File Inclusions

..:::::Dayfox Blog LOCAL FILE INCLUSION Vulnerbility ::::... Virangar Security Team www.virangar.net -------- Discoverd By :Virangar Security Team hadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the...

msaccess-activex.txt

/ Microsoft Access Snapshot Viewer ActiveX Control Exploit Ms-Acees SnapShot Exploit Snapview.ocx v 10.0.5529.0 Download nice binaries into an arbitrary box Vulnerability discovered by Oliver Lavery http://www.securityfocus.com/bid/8536/info Remote: Yes greetz to str0ke / include include define...

Corel Linux 1.0 xconf工具存在多个安全漏洞

Corel Linux中的xconf工具中缺乏对用户输入的有效检查，并且没有正确放弃特权。因此本 地用户可以利用这些漏洞获得root权限，或者导致拒绝服务攻击。 1 将XF86Config的一些数据添加到系统中的任意文件中去。 /sbin/buildxconf没有检查用户输入的数据，并且被设置了setuid root位。当用"-f" 参数执行它时，用户可以将输出存储到一个指定文件，比如/etc/shadow 2 用一些垃圾数据替换掉任何存在文件的第一行 当用"-x"参数执行buildxconf程序时，它将用X server的路径/文件名替代掉指定文件的第...

Core Image Fun House 2.0 (OSX) - Arbitrary Code Execution (PoC)

!/usr/bin/ruby Copyright c Netragard, LLC. [email protected] /Developer/Applications/Graphics Tools/Core Image Fun House.app /Contents/MacOS/Core Image Fun House gdb x/10s 0xbfffddf7 0xbfffddf7: 'Z' , "DCBA center" 2007-07-10 21:15:34.573 Core Image Fun House1061 CFLog 0:...

CVE-2008-3113

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.218 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077...

Neutrino 0.8.4 Atomic Edition Remote Code Execution Exploit

Exploit for unknown platform in category web applications =========================================================== Neutrino 0.8.4 Atomic Edition Remote Code Execution Exploit =========================================================== !/usr/bin/perl Neutrino 0.8.4 Atomic Edition Perl exploit...

Design/Logic Flaw

webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename...

ALFTP FTP Client 4.1/5.0 - 'LIST' Directory Traversal

source: https://www.securityfocus.com/bid/29585/info ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Exploiting this issue will allow an attacker to write arbitrary files to...