1464 matches found
chilkat-execdos.txt
Chilkat IMAP ActiveX File Execution & IE DoS www.chilkasoft.com By: e.wiZz! Info: Bosnian Idiot FTW! Site: infected.blogger.ba Greetz: suN8Hclf, Luigi and peoples from hakin9 forum In the wild... File: ChilkatMailv79.dll ProgID: ChilkatMail2.ChilkatMailMan2.1 CLSID:...
Gentoo Security Advisory GLSA 200701-11 (horde-kronolith)
The remote host is missing updates announced in advisory GLSA 200701-11. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Chilkat XML ActiveX Remote Arbitrary File Creation/Execution Exploit
No description provided by source. ----------------------------------------------------------------------------- Chilkat XML ActiveX Remote Arbitrary File Creation/Execution url: www.chilkatsoft.com File: ChilkatUtil.dll = 3.0.3.0 CLSID: 5022FAE8-B780-4B78-B8DC-1AF1145A4F42 ProgID:...
Gentoo Security Advisory GLSA 200805-01 (horde)
The remote host is missing updates announced in advisory GLSA 200805-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Chilkat XML - ActiveX Arbitrary File Creation/Execution
Chilkat XML - ActiveX Arbitrary File Creation/Execution ----------------------------------------------------------------------------- Chilkat XML ActiveX Remote Arbitrary File Creation/Execution url: www.chilkatsoft.com File: ChilkatUtil.dll = 3.0.3.0 CLSID: 5022FAE8-B780-4B78-B8DC-1AF1145A4F42...
CVE-2008-3195
CVE-2008-3195 affects TWiki prior to 4.2.3. The bin/configure script is vulnerable to directory traversal via the image parameter in installation steps, allowing read access to arbitrary files and potentially code execution. Public records (exploitdb, Debian security advisory DSA-1639-1, OpenVAS ...
CVE-2008-3851
CVE-2008-3851 affects Pluck CMS 4.5.2 on Windows, enabling local file inclusion via directory traversal in index.php through parameters to data/inc/themes/predefined_variables.php and data/inc/blog_include_react.php (and their blogpost/cat variants). Root cause involves improper input handling th...
Directory traversal
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter...
CVE-2008-2820
Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter...
CVE-2008-2818
CVE-2008-2818 is a directory traversal vulnerability in Easy-Clanpage 3.0 b1 that allows remote attackers to include and execute arbitrary local files by supplying a .. in the section parameter of the default URI. The core issue is uncontrolled file path traversal, enabling partial confidentialit...
CVE-2008-2782
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) libraryrss.php and (2) rss.php...
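Akamai Red Swoosh Cross-Site Request Forgery Vulnerability
CVE(CAN) ID: CVE-2008-1106 Red Swoosh is distributed networking software used to enhance file transfer and audio streaming. The Red Swoosh client implements a web server on the loopback interface, port 9421/TCP, that listens for management commands. Authorization on this interface is based on the HTTP Referer header: requests whose Referer header contains certain domains, and requests with no Referer, are authorized. If a malicious site forges the HTTP Referer, this can lead to a file at an arbitrary URL being downloaded and executed. Akamai Red Swoosh 3322 Akamai ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...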
Apple QuickTime SMIL qtnext Redirect File Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of SMIL text embedded in video...
eSignal 7.6 STREAMQUOTE Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl eSignal v7.6 remote exploit c VizibleSoft == http://viziblesoft.com/insect 25-mAR-2004 use IO::Socket; sub usage die"\nUsage: perl $0 host port\n"; print "\r\neSignal v7.6 remote exploit, c VizibleSoft.com\r\n"; my $ip = $ARGV0 || usage; my $port ...
Wordpress Malicious File Execution Vulnerability
========================================================== Wordpress Malicious File Execution Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 18 May 2008 SITE : www.citecclub.org APPLICATION : Wordpress Blog VERSION : = 2.5.1 VENDOR :...
wpfile-exec.txt
========================================================== Wordpress Malicious File Execution Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 18 May 2008 SITE : www.citecclub.org APPLICATION : Wordpress Blog VERSION : Click Active plugins...
torrent-pwnage.txt
The following are proof of concept exploits against three bittorrent clients. uTorrent's WebUI, Azureus's "HTML WebUI", and TorrentFlux. More information: http://www.rooksecurity.com/blog/?p=10 TorrentFlux v2.3 (Latest) http://sourceforge.net/projects/torrentflux/ If you force TorrentFlux to download...
Directory traversal
Directory traversal vulnerability in pbinc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC...
Barryvan Compo Manager 0.3 - 'main.php' Remote File Include Vulnerability
Barryvan Compo Manager 0.3 'main.php' Remote File Include Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/28035/info Barryvan Compo Manager is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attack...
CVE-2008-0812
CVE-2008-0812 affects BanPro DMS 1.0. The vulnerability is a directory traversal in DMS/index.php where the action parameter can be manipulated with “..” to include and execute arbitrary files. Affected: BanPro DMS 1.0 (DMS/index.php). Impact per provided data is arbitrary file inclusion/executio...