CVE-2009-0759

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...

Crlf injection

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...

马克斯CMS2.0beta (maxcms)管理员认证绕过漏洞

maxcms后台有自动升级功能，ajax的那个注射被修补了，但是这个漏洞还是没有修补。在上一贴有同学问是否能绕过认证，答案是肯定的，但是前提是要知道后台目录地址 Sub checkPower dim loginValidate,rsObj : loginValidate = "maxcms2.0" err.clear on error resume next set rsObj=conn.db"select mrandom,mlevel from premanager where musername='"&rCookie"musername"&"'","execute"...

Antivirus software can Chennai I what network God steal feature code to modify the combat-vulnerability warning-the black bar safety net

Article author: icyfoxlovelace/ice Fox prodigal sonEST Information source: evil octal Note: this article was originally published in hackers Defense of Network thief deserves is a professional-grade remote file access tool, its operation is simple, the function“designed and refined”, but as the...

linux/x86 append rsa key to /root/.ssh/authorized_keys2 295 bytes

Exploit for linux/x86 platform in category shellcode ================================================================= linux/x86 append rsa key to /root/.ssh/authorizedkeys2 295 bytes ================================================================= / linux/x86 shellcode to append rsa key to...

Adobe AIR < 1.5 JavaScript Code Execution Vulnerability

Adobe AIR is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-5076

CVE-2008-5076 affects htop where non-printable characters in process names were not sanitized, enabling local users to influence terminal output (hide processes, modify files via crafted process name). Connected advisories show distribution patches introducing non-printable character filtering (e...

CVE-2008-4580

fencemanual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fencemanual.fifo temporary file...

CVE-2008-4343

The Chilkat XML ChilkatUtil.CkData.1 ActiveX control ChilkatUtil.dll 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the 1 SaveToFile, 2 SaveToTempFile, or 3 AppendBinary method. NOTE: this issue might only be exploitable in...

CVE-2008-3789

CVE-2008-3789 (Samba 3.2.0): The vulnerability arises from weak permissions (0666) on the group_mapping.tdb and group_mapping.ldb files, enabling local users to modify Unix group memberships. Concrete details in connected docs confirm the affected component/files and the local-privilege consequen...

Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit

No description provided by source. / $Id: raptorchown.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorchown.c - syschown missing DAC controls on Linux Copyright c 2004 Marco Ivaldi [email protected] Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of file...

CVE-2008-2942

Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." dot dot sequences in a patch file...

Authentication flaw

admin/filemanager/ aka the File Manager in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files...

CVE-2008-0884

The Replace function in the capp-lspp-config script in the 1 lspp-eal4-config-ibm and 2 capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux RHEL 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable...

PT-2008-1129 · Openbsd +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 4.4 through 4.7 OpenSSH versions prior to 4.9 Description: The issue concerns multiple vulnerabilities in the OpenSSH package that can be exploited to compromise the confidentiality, integrity, and availability of protected...

CVE-2008-1569

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket...

CVE-2008-1569

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket...

Code injection

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket...

CVE-2008-1569

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket...

CVE-2008-1570

policyd-weight contains a local race condition in create_lockpath that lets unprivileged users modify or delete files by exploiting the LOCKPATH handling. The issue affects the insecure handling of the temporary directory, noted as a result of an incomplete fix for CVE-2008-1569, and is discussed...