2666 matches found

EUVD
added 2006/12/07 5:0 p.m. | 3 views

EUVD-2006-6359

Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the...

CVSS 7.5 | AI score 7.5 | EPSS 0.15109
Exploits: 0 | References: 2

Exploit DB
added 2006/12/02 12:0 a.m. | 27 views

simple file manager 0.24a - Multiple Vulnerabilities

flame vrs Simple File Manager | http://onedotoh.sourceforge.net/ | Various Vulnerabilities Including: Using the scripts supplied by the webapp: Reading of Arbitrary files | Deletion of Arbitrary files | Modification of Arbitrary...

AI score 7.4
Exploits: 0

RedHat Linux
added 2006/11/27 3:42 p.m. | 3 views

security flaw

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager...

CVSS 7.5 | AI score 6.1 | EPSS 0.2275
Exploits: 2 | References: 4

CVE
added 2006/07/07 12:0 a.m. | 42 views

CVE-2006-3406

The CVE-2006-3406 entry refers to a directory traversal vulnerability in QTOFileManager 1.0, specifically in the qtofm.php edit parameter. The underlying issue allows a remote attacker to modify arbitrary files by supplying a .. (dot dot) sequence, potentially impacting confidentiality and integr...

CVSS 6.4 | AI score 7.1 | EPSS 0.00203
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2006/04/26 12:0 a.m. | 48 views

Microsoft Outlook information leak

mailto: command processor allows outlook.exe command line modification to include any system file...

AI score 2.2
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2006/03/24 11:2 a.m. | 16 views

Design/Logic Flaw

ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe...

CVSS 7.2 | AI score 7.2 | EPSS 0.00069
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2006/03/22 2:2 a.m. | 11 views

Design/Logic Flaw

avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files...

CVSS 7.2 | AI score 6.9 | EPSS 0.00048
Exploits: 0 | References: 6 | Affected Software: 1

Debian CVE
added 2006/03/14 7:0 p.m. | 14 views

CVE-2006-1231

Removed by vendor...

CVSS 1.2 | AI score 7 | EPSS 0.0007
Exploits: 0

myhack58
added 2006/03/11 12:0 a.m. | 22 views

Covert insertion-type ASP-Trojan-vulnerability warning-the black bar safety net

Get website the webshell, if the administrator found, then your horse is useless, deleted! Administrators are also not are exists to eat, so we have to hide our WEBSHELL, the following is about ASP insert-Trojan several the use of method is not easy to be found. Oh I got a webshell to everyone to d...

AI score 7.2
Exploits: 0

securityvulns
added 2005/12/28 12:0 a.m. | 29 views

bug in oscomerce

Advisory 2
Title: file Modification in osCommerce
Author: 0ozeuso0
Contact: [email protected]
Website: olimpusklan.org
Date: 27/12/2005
Risk: High
Vendor Url: http://www.oscommerce.com/
Affected Software: osCommerce
Non Affected:
We Are: Olimpus KlaN
TECHNICAL INFO...

AI score 0.2
Exploits: 0

myhack58
added 2005/12/11 12:0 a.m. | 12 views

From the background to give the webshell tips great summary-vulnerability warning-the black bar safety net

Foreword Moving webonexploit, I believe we scored a lot of chickens. Can say is moving weblet upfile.asp Upload file filter is not strict. vulnerabilitysho ran the world, Now this vulnerability has been substantially more difficult to meet, do not rule out some small sites still exist for...

AI score 7.5
Exploits: 0

myhack58
added 2005/12/09 12:0 a.m. | 9 views

Break SSS technology blockade-vulnerability warning-the black bar safety net

Recently is really too busy, while the countersunk finishing school to be turned over to the network the security research topic, while in the online to clean up the malicious website. I love machine follow me were non-stop, no how much rest of time okay my machine is a dual Xeon in the service, ha...

AI score 7.5
Exploits: 0

NVD
added 2005/11/18 10:3 p.m. | 15 views

CVE-2005-3349

GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file...

CVSS 1.9 | AI score 6 | EPSS 0.00045
Exploits: 0 | References: 10

CVE
added 2005/10/27 4:0 a.m. | 51 views

CVE-2005-3321

Affected software: SuSE Linux 9.0–10.0. Vulnerable component: chkstat. Local users can cause weaker file permissions by creating a hardlink to a file from a world-writable directory, which reduces the link count to 1 when the original file is deleted or replaced, after which chkstat updates permi...

CVSS 4.6 | AI score 6.2 | EPSS 0.00031
Exploits: 0 | References: 5 | Affected Software: 2

Cvelist
added 2005/09/30 4:0 a.m. | 17 views

CVE-2005-3111

The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack...

AI score 6.4 | EPSS 0.00078
Exploits: 0 | References: 5

Cvelist
added 2005/08/18 4:0 a.m. | 20 views

CVE-2004-2426

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying...

AI score 7 | EPSS 0.00959
Exploits: 1 | References: 7

CVE
added 2005/07/14 4:0 a.m. | 45 views

CVE-2001-1525

The CVE-2001-1525 vulnerability affects easyNews 1.5 and earlier, where the comments action is vulnerable to directory traversal. An attacker can modify files such as news.dat and template.dat by supplying a ".." in the cid parameter, indicating a path traversal through the comments functionality...

CVSS 5 | AI score 7.1 | EPSS 0.04431
Exploits: 1 | References: 3 | Affected Software: 1

Cent OS
added 2005/07/07 8:36 p.m. | 93 views

php security update

CentOS Errata and Security Advisory CESA-2005:564 Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTT...

CVSS 7.5 | AI score 6 | EPSS 0.86153
Exploits: 5 | References: 9

UbuntuCve
added 2005/06/28 4:0 a.m. | 19 views

CVE-2005-1759

Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751...

CVSS 1.2 | AI score 5.9 | EPSS 0.0007
Exploits: 0 | References: 2

Debian CVE
added 2005/06/26 4:0 a.m. | 23 views

CVE-2005-1759

Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751...

CVSS 1.2 | AI score 6.2 | EPSS 0.0007
Exploits: 0