2494 matches found
JVN#84775942 Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
Impact Actual impact could differ depending on the email clients though, an attacker could possibly forge a file name or an email client could handle a file inappropriately which may result in a file being overwritten or an arbitrary file being created and saved in an arbitrary directory. Solution...
Adobe Document Server File URI Arbitrary Resource Manipulation
The remote host is running Adobe Document Server, a server that dynamically creates and manipulates PDF documents as well as graphic images. The version of Adobe Document Server installed on the remote host allows saving PDF and XML documents as well as most types of image files using file URIs t...
[Full-disclosure] Secunia Research: Adobe Document/Graphics Server File URI Resource Access
====================================================================== Secunia Research 15/03/2006 - Adobe Document/Graphics Server File URI Resource Access - ====================================================================== Table of Contents Affected...
CVE-2006-1063
Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox"...
CVE-2006-0926
Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive...
CVE-2006-0711
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled...
CVE-2006-0711
NeoMail 1.28’s neomail-prefs.pl lacks validation of the sessionid in addfolder/deletefolder, allowing an unauthenticated attacker to create or delete arbitrary mail-folder files. Exploitation requires homedirfolders and homedirspools both set to no; files are manipulated subject to the process' g...
LinPHA <= 1.0 Multiple Vulnerabilities
The remote host is running LinPHA, a web photo gallery application written in PHP. The installed version of LinPHA suffers from a number of flaws, several of which could allow an unauthenticated attacker to view arbitrary files or to execute arbitrary PHP code on the remote host, subject to the...
DSR-farmerswife44sp1.pl.txt
#!/usr/bin/perl kokanin 20060106 // farmers wife server 4.4 sp1 allows us to use ../../../ patterns as long as we stand in a folder where we have write access. haha, that's what you get for implementing your own access control instead of relying on the underlying OS. default port is 22003, default...
CVE-2005-4622
Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe...
hcXSS.txt
In GOD We Trust Kachal667 Under9round Team KuT Hi, Here's myLrK new advisory about Hosting Controller. Hosting Controller - CSS vulnerabilities Found date : Pri8 Public Date: 02/11/2005 Summary ------- Hosting Controller is an all-in-one administrative hosting tool for Windows. It automates a wid...
Moderate: Red Hat Security Advisory: perl security update
Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilitie...
Upside down world: back door Kill firewall&antivirus software(figure)-vulnerability warning-the black bar safety net
Often in the Get WebShell and elevation of Privilege, the server firewall or antivirus just to play a role, let's pass up the tools of the old disappear; or some firewall settings very BT, often causing a lot of inconvenience. Although some of the back door with cleanup antivirus and firewall...
Kuang2 the Virus
Kuang2 the Virus was found. Kuang2 the Virus is a program that infects all the executables on the system and sets up a server that allows the remote control of the computer. The client program allows files to be browsed, uploaded, downloaded, hidden, etc. on the infected machine. The client...
YusASP Web Asset Manager Vulnerability
YusASP Web Asset Manager is a complete file manager for your website. If left unprotected, the YusASP allows you to manage the remote server SPDX-FileCopyrightText: 2005 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
BEA WebLogic Management Servlet Multiple Vulnerabilities (BEA03-28)
BEA WebLogic is prone to multiple vulnerabilities in a management servlet. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Kuang2 the Virus
Kuang2 the Virus was found. SPDX-FileCopyrightText: 2000 Scott Adkins Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10132";...
CVE-2005-2660
apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug...
CVE-2005-2891
WebArchiveX.dll 5.5.0.76 (pre-Sept 6, 2005) exposes a scripting-unsafe default state that allows remote attackers to read or write arbitrary files via the MakeArchive and MakeArchiveStr methods. Affected component is WebArchiveX.dll; vulnerability arises because the component was marked safe for ...
HP-UX Ignite-UX TFTP Service Remote File Manipulation
The remote host has a vulnerable version of the HP Ignite-UX application installed that exposes a world-writeable directory to anonymous TFTP access. A remote attacker could exploit this to upload arbitrary files. This NASL script was written by Martin O'Neal of Corsaire http://www.corsaire.com T...