Lucene search

575 matches found

Packet Storm
added 2005/11/20 12:0 a.m., 45 views

exponentCMS.txt

A number of security issues have been discovered in ExponentCMS. Exponent is a fully-featured, modern CMS written in PHP, that enables non-technical people to manage and update their websites with minima...

7.4 AI score
Exploits: 0
Packet Storm
added 2005/08/14 12:0 a.m., 19 views

gurgens21.txt

Update: 1:02 AM 5/13/2005 Subject: " Gurgens Guest Book Password Database Vulnerability " Vulnerable version: Guest Book 2.1 Description: Guest Book is a complete solution which requires none or very little effort to set up and match existing website configuration. Control Panel with "Virtual...

7.4 AI score
Exploits: 0
FreeBSD
added 2005/06/20 12:0 a.m., 28 views

trac -- file upload/download vulnerability

Stefan Esser reports: Trac's wiki and ticket systems allows to add attachments to wiki entries and bug tracker tickets. These attachments are stored within directories that are determined by the id of the corresponding ticket or wiki entry. Due to a missing validation of the id parameter it is...

0.8 AI score
Exploits: 0, References: 2
securityvulns
added 2005/01/02 12:0 a.m., 100 views

7a69Adv#17 - Internet Explorer FTP download path disclosure

NOTE FOR BUGTRAQ MODERATOR Excuse me if you have received this mail repeated, but I had some problems on my mail server some days ago, and I have sent this mail 3 or 4 times. Sorry: Delete this note to post to the list. Thank you. /NOTE FOR BUGTRAQ MODERATOR -...

7.1 AI score
Exploits: 0
securityvulns
added 2004/09/01 12:0 a.m., 28 views

CuteNews News.txt writable to world

Date: August 29, 2004 Vendor: http://www.cutephp.com/ Program: CuteNews Versions affected: = 1.3.6 Bug: CuteNews News.txt writable to world Type: Author: e0r www: http://www.rootthief.com/ team: !Sui-Generes !Sui Email: homicidal @ gmail . com Description: Cute news ...

6.7 AI score
Exploits: 0
NVD
added 2004/01/05 5:0 a.m., 14 views

CVE-2003-1017

Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names...

5 CVSS, 6.8 AI score, 0.11328 EPSS
Exploits: 1, References: 3
Exploit DB
added 2003/09/09 12:0 a.m., 26 views

Apache::Gallery 0.4/0.5/0.6 - Insecure File Storage Privilege Escalation

// source: https://www.securityfocus.com/bid/8561/info It has been discovered that Apache::Gallery, when using Inline C, stores shared libraries in an insecure fashion. As a result, an attacker may be capable of having malicious code linked into the Apache process. This could lead to a malicious...

7.4 AI score
Exploits: 0
exploitpack
added 2003/09/09 12:0 a.m., 13 views

Apache::Gallery 0.40.50.6 - Insecure File Storage Privilege Escalation

Apache::Gallery 0.40.50.6 - Insecure File Storage Privilege Escalation // source: https://www.securityfocus.com/bid/8561/info It has been discovered that Apache::Gallery, when using Inline C, stores shared libraries in an insecure fashion. As a result, an attacker may be capable of having malicio...

0.6 AI score
Exploits: 0
Cvelist
added 2003/03/18 5:0 a.m., 10 views

CVE-2002-1449

eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt...

7 AI score, 0.00751 EPSS
Exploits: 1, References: 3
Exploit DB
added 2003/02/15 12:0 a.m., 34 views

PHP-Board 1.0 - User Password Disclosure

source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative...

7.4 AI score
Exploits: 0
securityvulns
added 2002/09/05 12:0 a.m., 32 views

[UNIX] ADP Forum Security Vulnerabilities

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're...

0.1 AI score
Exploits: 0
NVD
added 2002/06/18 4:0 a.m., 10 views

CVE-2002-0614

PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...

5 CVSS, 6.5 AI score, 0.00808 EPSS
Exploits: 0, References: 3
securityvulns
added 2002/01/15 12:0 a.m., 40 views

PHP 4.x session spoofing

Hi, +-------------------+ | What are sessions | +-------------------+ A session ID is required to identify people. It is passed over to the browser and then is either part of the url or is stored as a cookie. With every request the browser also sends this ID over to the server which makes is...

7.6 AI score
Exploits: 0
securityvulns
added 2001/01/06 12:0 a.m., 38 views

Hole in The Bat! (directory traversal)

If The Bat! is configured to store attached files separately, and the file name is encoded according to RFC 2047 in base64 or Quoted-Printable and contains '..', the file will be placed in a higher-level directory, which allows a file to be saved to any directory on the same disk...

0.6 AI score
Exploits: 0, References: 2
NVD
added 2000/07/05 4:0 a.m., 15 views

CVE-2000-0575

SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS...

7.2 CVSS, 6.8 AI score, 0.00361 EPSS
Exploits: 0, References: 3