777 matches found
CVE-2007-5631
Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the currentblockmodulepath parameter to 1 AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, 2...
New ideas, make the time to black out Action Network-vulnerability warning-the black bar safety net
Today in detection of a site to guess the background of the time Suddenly came inspiration, is the program guess the background of the function used to guess the database This method theoretically can achieve The practice is also able to achieve, and I immediately also carried out in practice Use...
USN-436-1: KTorrent vulnerabilities
Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges...
security flaw
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup...
local Calendar System v1.1 (lcStdLib.inc) Remote File Include
+------------------------------------------------------------------------------------------- local Calendar System v1.1 lcStdLib.inc Remote File Include TrZiNDaN [email protected] Turkey -------------------------------------------------------------------------------------------- download :...
CVE-2006-6248
index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message...
BlazeVideo HDTV Player 2.1 - .PLF Local Buffer Overflow
BlazeVideo HDTV Player 2.1 - .PLF Local Buffer Overflow / ======================================================================== 0-day BlazeVideo HDTV Player 30 days of Media Player Exploits by Greg Linares Discovered and Reported By: Greg Linares [email protected] Reported Exploit Date:...
AtomixMP3 <= 2.3 Malformed M3U Buffer Overflow Exploit
No description provided by source. / ======================================================================== 0-day AtomixMP3 = v2.3 Malformed M3U Buffer Overflow PoC ======================================================================== AtomixMP3 Player/Mixer fails to properly handle large fil...
CVE-2006-4976
The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for 1 server.php, 2 adodb-errorpear.inc.php, 3 adodb-iterator.inc.php, 4 adodb-pear.inc.php, 5 adodb-perf.inc.php, 6 adodb-xmlschema.inc.php, and 7 adodb.inc.php; files ...
Full path disclosure in Webcalendar 1.1.0-CVS
Full path disclosure in webcalendar Author : Rusydi Hasan M a.k.a : cR45H3R Location : Indonesia, Cilacap Date : March,28th 2006 Version : 1.1.0-CVS --- software description WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of purposes. ---...
WS FTP Server DoS Vulnerability (Nov 2005)
WSFTP Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2005-2673 · Postnuke · Postnuke
Name of the Vulnerable Software and Affected Versions: PostNuke versions 0.750 through 0.760RC3 Description: The issue allows remote attackers to obtain sensitive information via direct requests to various files, including theme.php and Xanthia.php in the Xanthia module, multiple files in the...
CVE-2005-1688
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in 1 wp-content/themes/, 2 wp-includes/, or 3 wp-admin/, which reveal the path in an error message...
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument...
SBox 1.0.4 - Full Path Disclosure
source: https://www.securityfocus.com/bid/8705/info sbox has been reported prone to a path disclosure vulnerability. The issue has been reported to present itself when a HTTP request is made for a CGI resource that does not exist. sbox will reportedly return an error message that contains path...
E-theni - Remote File Inclusion Command Execution
source: https://www.securityfocus.com/bid/6970/info E-theni may allow inclusion of malicious remote files. This is due to remote users being able to influence the include path of an external file 'paralangue.php' referenced by the 'afflistelangue.php' script. This could result in arbitrary comman...
Очередной способ получить путь к файлам через FrontPage Server
Запросив у shtml.exe из каталога vtibin несуществующий файл можно получить путь к этому файлу...