1501 matches found
WebSVN 2.0 - Cross-Site Scripting File Handling Code Execution
WebSVN alertdocument.cookie; A URL like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Handling Issues: There are some file handling issues in the RSS...
CVE-2008-4401
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create ...
CVE-2008-3737
Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact...
CVE-2008-3534
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to...
HP Instant Support HPISDataManager.dll ActiveX Control < 1.0.0.24 Vulnerabilities
The remote host contains several ActiveX controls in HP Instant Support HPISDataManager.dll, a web-based diagnostic tool from Hewlett-Packard. The version of the controls installed on the remote host is reportedly affected by several issues. If an attacker can trick a user on the affected host...
Microsoft Windows Vista/2003/XP/2000 file management security issues
Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially other vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...
CVE-2007-1112
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile,...
CVE-2006-6897
Technical details for CVE-2006-6897 are not publicly provided in the connected documents you supplied. Monitor for updates.
Oracle 9i/10g - utl_file FileSystem Access
-- -- $Id: raptororafile.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororafile.sql - file system access suite for oracle -- Copyright (c) 2006 Marco Ivaldi -- -- This is an example file system access suite for Oracle based on the utl_file -- package...
Oracle 9i/10g - read/write/execute Exploitation Suite
-- -- $Id: raptororaexec.sql,v 1.2 2006/11/23 23:40:16 raptor Exp $ -- -- raptororaexec.sql - java exploitation suite for oracle -- Copyright (c) 2006 Marco Ivaldi -- -- This is an exploitation suite for Oracle written in Java. Use it to -- read/write fil...
CVE-2003-1298
CVE-2003-1298: The affected software is AnyPortal(php) with the vulnerable file siteman.php3. The issue is directory traversal ("./.." traversal) that enables remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory. This is described in the CVE ...
CVE-2006-1119
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message...
Design/Logic Flaw
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message...
CVE-2006-1119
CVE-2006-1119 concerns the Fantastico component integrated with cPanel. The issue arises when Fantastico does not properly handle operations with insufficient permissions, allowing remote authenticated users to cause a PHP error message that leaks the full pathname. The vulnerability is characte...
Parsing ASP.NET Trojan file operations - vulnerability warning - the black bar safety net
Start ASP.NET Trojan EvilSpy of preparation, name is boss ice blood to play, quite good. This article mainly introduces the specific implementation of the file operation functions of an ASP.NET Trojan. To write an ASP.NET Trojan, first import the System.IO namespace. The System.IO namespace...
Linux Kernel 2.6.x - INVALIDATE_INODE_PAGES2 Local Integer Overflow
source: https://www.securityfocus.com/bid/15846/info Linux kernel is prone to a local integer-overflow vulnerability. A successful attack can result in a kernel crash. Arbitrary code execution may be possible as well, but this ha...
WebLogic management servlet
The remote web server is WebLogic. An internal management servlet, which does not properly check user credentials, can be accessed from outside, allowing a cracker to change user passwords, and even upload or download any file on the remote server. In addition to this, there is a flaw in WebLogic 7.0...
CVE-2005-2211
Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR...