1464 matches found
CVE-2008-0591
CVE-2008-0591 concerns Mozilla Firefox (pre-2.0.0.12) and Thunderbird (pre-2.0.0.12). The issue arises from how a delay timer protecting security-sensitive dialogs is handled; an attacker could exploit window focus changes to bypass the timer and trick a user into confirming an unsafe action (pot...
Mozilla information disclosure flaw
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 do not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...
Directory traversal
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagecourante parameter to the top-level URI...
Liquid-Silver CMS 0.1 (update) Local File Inclusion Vulnerability
No description provided by source. Liquid-Silver CMS Local File Inclusion Vulnerabilities http://sourceforge.net/project/showfiles.php?groupid=171166 author : Stack-Terrorist v40 for read a php file ?update=name of file without php for execute exploit does not write extension of file exploit :...
liquidsilver-lfi.txt
Liquid-Silver CMS Local File Inclusion Vulnerabilities http://sourceforge.net/project/showfiles.php?groupid=171166 author : Stack-Terrorist v40 for read a php file ?update=name of file without php for execute exploit does not write extension of file exploit : /Script/update/index.php?update=/nam...
CVE-2007-6686
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller...
CVE-2007-6624
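Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter...
MySpace Content Zone 'uploadgames.php' Arbitrary File Upload Vulnerability
MySpace Content Zone is a PHP-based web application. MySpace Content Zone does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to upload and execute arbitrary files. The problem is that the 'uploadgames.php' script does not securely restrict user file uploads; uploading a malicious PHP file can lead to execution with the web server's privileges. peerGoal MySpace Content Zone Vendor solution ------------ No solution is currently available: http://www.peergoal.com/index.php?script=myspacecontentzone...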
Rejetto HTTP File Server (HFS) 2.22.3 - Arbitrary File Upload
Rejetto HTTP File Server HFS 2.22.3 - Arbitrary File Upload source: https://www.securityfocus.com/bid/26732/info HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to...
Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...
PT-2007-6341 · Phpfreelog · Phpfreelog
Name of the Vulnerable Software and Affected Versions: phpFreeLog version 0.2.0 Description: A remote file inclusion issue in log.php allows remote attackers to include and execute arbitrary files. Recommendations: For phpFreeLog version 0.2.0, at the moment, there is no information about a newer...
CVE-2007-4976
CVE-2007-4976 involves a directory traversal in Coppermine Photo Gallery (CPG) prior to or including 1.4.12. The flaw is in viewlog.php: an unsafely handled log parameter can be exploited to include and execute arbitrary local files by using ".." (dot dot). The vulnerability requires authenticati...
Remote file inclusion
A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion...
Campsite 2.6.1 - 'ArticleComment.php?g_documentRoot' Remote File Inclusion
source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier versions may also be affected...
Microsoft Excel BIFF Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks...
CVE-2007-2106
The CVE-2007-2106 entry concerns Kai Content Management System (K-CMS) 1.0, where index.php is vulnerable to directory traversal via .. in the current_theme parameter, allowing local file inclusion/execution. The underlying issue is a local file inclusion via unvalidated user input in current_the...
CVE-2007-1933
CVE-2007-1933 describes multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 that allow remote attackers to include and execute arbitrary local files through a ".." in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php. The root cause is directory traversal le...
CVE-2007-1842
Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019...
Microsoft Windows Vista - Windows Mail Local File Execution
source: https://www.securityfocus.com/bid/23103/info Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error. An attacker may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link...
Microsoft Windows Vista - Windows Mail Local File Execution
Microsoft Windows Vista - Windows Mail Local File Execution source: https://www.securityfocus.com/bid/23103/info Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error. An attacker may exploit this issue to execute local files. The attacker mu...