2495 matches found
CVE-2002-1422
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters...
CVE-2002-1395
Internet Message IM 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz...
CVE-2002-1345
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences...
Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 - File Modification
source: https://www.securityfocus.com/bid/5502/info Reportedly, it is possible for an administrator to manipulate (create, modify, etc.) files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php' script. The vulnerability is the result of FUDForum allowing...
CVE-2002-0773
improotdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to improotdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath...
WHERE'S THE CA$H: Internet Explorer 6.00. Outlook Express 6.00
Saturday, July 27, 2002 Trivial lead-up to yet another silent delivery and installation of an executable on the target computer using Outlook Express 6. This can be achieved combining several past possibilities, specifically the following: http://www.securityfocus.com/bid/1033...
AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation
The AlienForm CGI script allows an attacker to view any file on the target computer, append arbitrary data to an existing file, and write arbitrary data to a new file. The AlienForm CGI script is installed as either af.cgi or alienform.cgi. This script was written by Andrew...
CVE-2001-1120
CVE-2001-1120 affects Allaire/Macromedia ColdFusion Server (versions 2.0–4.5.1 SP2). The issue allows remote attackers to read or delete arbitrary files or overwrite ColdFusion server templates via network access. The vulnerability is documented across multiple sources (NVD, CVE list, CERT/CC) wi...
CVE-2001-0854
PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user...
CVE-1999-1413
Solaris 2.4 before patching, prior to the kernel jumbo patch -35, is vulnerable. Set-gid programs can dump core even if the real user is not in the set-gid group, enabling local privilege escalation through a core dump (e.g., via dmesg). The connected documents confirm the vulnerability details; ...
CVE-1999-1517
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar...
CVE-2001-1120
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates...
Relaying via poprelayd (message relaying)
The Pop-before-smtp relaying protection can be fooled by forging an entry in the log file...
bug
Hi, I'm reposting a bug I've found some time before. Thanks. WebStore from www.cgicentral.net is a shopping cart allowing users to buy things on-line. One of the scripts in the package, wsmail.cgi, unsafely passes user-submitted data to 'system' command: if $in'terminate' eval system"kill $in'kill'...
DCForum Password File Manipulation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
DCForum Password File Manipulation Vulnerability qDefense Advisory Number QDAV-5-2000-2 Product: DCForum Vendor: D.C. Script Version Tested: DCForum 2000 1.0 Version 6.0 is believed to be vulnerable as well Severity: Remote; Any attacker may gain DCForum admin privileges, which result in...
CVE-2000-0818
The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRCFILE or SET LOGFILE commands...
Broker FTP Multiple Command Arbitrary File/Directory Manipulation
Broker FTP appears to be running on the remote host. This version has a directory traversal vulnerability that allows a remote attacker to view and delete files outside of the FTP root directory. TRUSTED...