Lucene search

2666 matches found

Prion
added 2013/07/03 1:54 p.m., 11 views

Directory traversal

Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors...

6.5 CVSS, 6.4 AI score, 0.00469 EPSS
Exploits: 0, References: 3, Affected Software: 2

myhack58
added 2013/05/28 12:0 a.m., 21 views

discuz x latest background Getshell detailed use method-vulnerability warning-the black bar safety net

User – the user column – the column packet – submit – capture I am in this error, be sure to submit, or catch the data packet is not the same | 1 | The Content-Disposition: form-data; name="settingnewprofilegroupnewbaseavailable" ---|--- Read: 1 | Content-Disposition: form-data;...

0.8 AI score
Exploits: 0

myhack58
added 2013/05/23 12:0 a.m., 11 views

ecshop 7, the patch appeared again covert Backdoor-vulnerability warning-the black bar safety net

ecshop is acquired, you don't know what's up 2 0 1 3 5 7 Number update number 7 patch, but the download down, I found obviously wrong. First, the includes directory inside the install folder, the original is not in this folder, and inside is full of js, which are the last to discover this directo...

0.1 AI score
Exploits: 0

Prion
added 2013/03/19 2:55 p.m., 21 views

Code injection

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...

4.4 CVSS, 7.7 AI score, 0.00058 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2013/03/19 2:0 p.m., 12 views

CVE-2013-0224

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...

7.2 AI score, 0.00058 EPSS
Exploits: 0, References: 3

securityvulns
added 2013/03/11 12:0 a.m., 282 views

SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1)

SEC Consult Vulnerability Lab Security Advisory 20130308-0. title: Multiple critical vulnerabilities part 1; product: GroundWork Monitor Enterprise; vulnerable version: 6.7.0; fixed version: none - optional technical bulletin...

0.5 AI score
Exploits: 0

CERT
added 2013/03/08 12:0 a.m., 14 views

GroundWork Monitor Enterprise contains multiple vulnerabilities

Overview: GroundWork Monitor Enterprise 6.7.0 and possibly earlier versions contain multiple vulnerabilities. Description: The SEC Consult Vulnerability Lab Security Advisory states: The following vulnerability description has been categorized into the components where the vulnerabilities have been...

9 AI score
Exploits: 0, References: 4

securityvulns
added 2013/03/03 12:0 a.m., 53 views

[Onapsis Security Advisory 2013-004] SAP J2EE Core Service Arbitrary File Access

Onapsis Security Advisory 2013-004: SAP J2EE Core Service Arbitrary File Access This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories,...

0.1 AI score
Exploits: 0

UbuntuCve
added 2013/02/24 7:55 p.m., 11 views

CVE-2013-0219

System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files...

3.7 CVSS, 5.9 AI score, 0.00074 EPSS
Exploits: 0, References: 1

myhack58
added 2013/01/28 12:0 a.m., 16 views

8 ways siteserver background getwebshell and safety recommendations-vulnerability warning-the black bar safety net

First: stencil management to directly modify the file source code can be obtained webshell Second: editor vulnerability http://demo2.siteserver.cn/siteserver/TextEditor/fckeditor/ can get webshell Third: stencil add actually have add asp to the aspx file the template in webshell Fourth: the page...

7.2 AI score
Exploits: 0

Exploit DB
added 2013/01/21 12:0 a.m., 23 views

NConf 1.3 - Arbitrary File Creation

Exploit Title: nconf file read and wrtite exploit Date: 2013/1/20 Exploit Author: haidao,[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Version: nconf 1.3 Tested on: Server: Apache/2.2.15 Centos PHP/5.3.3 nconf can modify the config file of nagios and save it...

7.4 AI score
Exploits: 0

exploitpack
added 2013/01/21 12:0 a.m., 9 views

NConf 1.3 - Arbitrary File Creation

NConf 1.3 - Arbitrary File Creation Exploit Title: nconf file read and wrtite exploit Date: 2013/1/20 Exploit Author: haidao,[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Version: nconf 1.3 Tested on: Server: Apache/2.2.15 Centos PHP/5.3.3 nconf can modify t...

0.1 AI score
Exploits: 0

securityvulns
added 2013/01/10 12:0 a.m., 37 views

Samsung Kies ActiveX multiple security vulnerabilities

Code execution, files modification...

10 CVSS, 3.1 AI score, 0.49934 EPSS
Exploits: 6, References: 2, Affected Software: 1

Japan Vulnerability Notes
added 2012/11/07 7:1 a.m., 1 views

BeZIP vulnerable to directory traversal

Overview BeZIP contains a directory traversal vulnerability. BeZIP provided by Be Graph Co.,Ltd. is a file compression/extraction software supporting ZIP and LZH formats. BeZIP contains a directory traversal vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this...

5 CVSS, 6.7 AI score, 0.00715 EPSS
Exploits: 0, References: 5

securityvulns
added 2012/10/17 12:0 a.m., 55 views

Multiple vulnerabilities in Samsung Kies

Advisory ID: HTB23099 Product: Samsung Kies Vendor: Samsung Electronics Vulnerable Versions: 2.3.2.1205420 and probably prior Tested Version: 2.3.2.1205420 Vendor Notification: June 25, 2012 Public Disclosure: October 15, 2012 Vulnerability Type: NULL Pointer Dereference CWE-476, Improper Access...

0.4 AI score, 0.3486 EPSS
Exploits: 3

NVD
added 2012/10/02 9:55 p.m., 12 views

CVE-2012-0692

CA License aka CA Licensing before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors...

7.2 CVSS, 6.6 AI score, 0.00058 EPSS
Exploits: 0, References: 3

Prion
added 2012/10/02 9:55 p.m., 10 views

Code injection

CA License aka CA Licensing before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors...

7.2 CVSS, 7.1 AI score, 0.00058 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2012/10/02 9:0 p.m., 34 views

CVE-2012-0692

CA License (CA Licensing) CVE-2012-0692: vulnerabilities exist in CA License before 1.90.03 that allow a local unprivileged user to create/modify arbitrary files and gain elevated access due to inadequate user validation. The Security Notice expands affected products and platforms (multiple CA pr...

7.2 CVSS, 6.8 AI score, 0.00058 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2012/10/01 12:55 a.m., 6 views

CVE-2012-3500

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file...

6 AI score
Exploits: 0, References: 15

CVE
added 2012/09/25 8:0 p.m., 72 views

CVE-2012-3324

IBM DB2 on Windows (DB2 10.1 and DB2 Connect 10.1) is affected by a directory traversal vulnerability in the UTL_FILE module. The issue arises from how file names are processed, allowing a remote authenticated user to view, modify, or delete arbitrary files outside the intended directory via a cr...

9 CVSS, 8.5 AI score, 0.00236 EPSS
Exploits: 0, References: 3, Affected Software: 2