SineCMS <= 2.3.5 Local File Inclusion / RCE Vulnerabilities
Exploit for unknown platform in category web applications. Sine CMS Local File Inclusion / RCE | Registerglobals: ON | Version: <= 2.3.5 | Vendor: www.sinecms.net | Discovered by: KiNgOfThEwOrLd | Intro:...
Code injection
Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file...
[waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5
waraxe-2007-SA060 - Sensitive info disclosure in CuteNews <= 1.4.5. Author: Janek Vind "waraxe". Date: 24. December 2007. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-60.html Vulnerable software description: Cute new...
CVE-2007-6506
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the...
Important: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2...
CVE-2007-5718
CVE-2007-5718 affects vobcopy up to version 0.5.14. A local attacker can exploit insecure temporary file handling (creating/appending to /tmp/vobcopy.bla or /tmp/vobcopy_0.5.14.log) via a symlink attack to write to arbitrary files with the privileges of the running user. The vulnerability arises ...
CVE-2002-2360
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests...
CVE-2002-2360
CVE-2002-2360 affects Webmin 0.21–0.99. The RPC module, when installed without root/admin privileges, allows remote attackers to read and write arbitrary files and to execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. The vulnerability is associated with remot...
Flatnuke 3 - Remote Command Execution / Privilege Escalation
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Flatnuke 3...
openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-4527)
The Sun JAVA JDK 1.5.0 was upgraded to release 13 to fix various bugs, including the following security bugs: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1 CVE-2007-5232: Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and...
The hidden clone account method using the SAM F/V key values - vulnerability warning - the black bar safety net
The principle is very simple: the SAM F/V key values. The focus is on how to avoid detection. Generally, detection of clone accounts checks the F/V values inside the SAM for whether they are the same; this feature is used to bypass the detection. --- Step 1. net user allyesno freexploit /add&net localgroup...
CVE-2007-5110
CVE-2007-5110 describes an absolute path traversal in the EB Design ebCrypt ActiveX control (EbCrypt.eb_c_PRNGenerator.1) within EBCRYPT.DLL 2.0.0.2087 and earlier. The vulnerability allows remote attackers to create or overwrite arbitrary files by passing a full pathname to the SaveToFile method...
Design/Logic Flaw
The main function in skkdic-expr.c in SKK Tools 1.2 allows local users to overwrite or delete arbitrary files via a symlink attack on a skkdic$PID temporary file...
Directory traversal
Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder...
Directory traversal
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...
Timbuktu Pro < 8.6.5 Multiple Vulnerabilities
According to its version, the installation of Timbuktu Pro on the remote host reportedly is affected by three buffer overflows that can be exploited without authentication to crash the service or execute arbitrary code on the affected host with SYSTEM privileges. In addition, the application also...
Directory traversal
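Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services...
Unreal Commander Malformed Archive Multiple Remote Vulnerabilities
BUGTRAQ ID: 25419. Unreal Commander is a free file manager for the Windows platform. Unreal Commander has multiple security vulnerabilities when extracting files; an attacker could take control of a user's system by tricking the user into processing a malicious file. If a user uses Unreal Commander to extract a ZIP or RAR archive whose file names contain a directory traversal sequence similar to the following: Something/../../../../../../Program Files/Something/ws232.dll then the file ws232.dll is created in the specified directory. A ZIP archive contains two places where the file name is written: the Local file header and the Central...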
Nessus Windows < 3.0.6.1 ScanCtrl ActiveX Multiple Method File Manipulation
The remote host contains the ScanCtrl ActiveX control, a part of Nessus for Windows. The version of the ScanCtrl ActiveX control, installed as part of Nessus for Windows on the remote host, fails to validate input to several methods. If an attacker can trick a user on the affected host into...
CVE-2007-3883
The Data Dynamics ActiveBar ActiveX control actbar3.ocx 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method...