1464 matches found
CVE-2006-7134
Unrestricted file upload vulnerability in mainuser.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
Active Calendar 1.2 - 'showcode.php' Local File Inclusion
source: https://www.securityfocus.com/bid/22704/info Active Calendar is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. Version 1.2.0 is vulnerable;...
CVE-2007-1057
The CVE-2007-1057 issue affects the Net Direct client for Linux before 6.0.5 in Nortel products (Application Switch 2424, VPN 3050/3070, SSL VPN Module 1000). The vulnerability arises from extracting and executing files with insecure permissions, enabling a local attacker to exploit a race condit...
Vulnerability in Opera's use of kfmclient
The kfmclient is a part of the KDE desktop environment. It inspects the file given to it to determine its MIME type, and performs the action assigned to that MIME type in KDE's configuration. If the file type is an executable, kfmclient may execute it. Opera will not save downloaded files with the...
wps1-rfi.txt
Wap Portal Server 1. = Remote File Inclusion. Affected Software .: Wap Portal Server. Vendor ...........: http://www.sakic.net. Class ...............
CVE-2007-0637
CVE-2007-0637 describes a directory traversal vulnerability in the PHP script zd_numer.php for Galeria Zdjec 3.0 and earlier. An attacker can use a ".." path component in the galeria parameter to cause local file inclusion, enabling remote attackers to include and execute arbitrary local files (i...
CVE-2007-0337
CVE-2007-0337 describes a directory traversal in KGB 1.9 and earlier where sesskglogadmin.php can include and execute arbitrary local files via a .. in the skinnn parameter. The attack path involves invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the ...
CVE-2007-0337
Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a fi...
Aratix <= 0.2.2b11 (inc/init.inc.php) Remote File Include Vulnerability
Aratix <= 0.2.2b11 inc/init.inc.php Remote File Include Vulnerability. Vendor ............:...
Aratix <= 0.2.2b11 (inc/init.inc.php) Remote File Include Vulnerability
No description provided by source. Aratix <= 0.2.2b11 inc/init.inc.php Remote File Include Vulnerability...
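Rediff Bol Downloader File Download and Execution Vulnerability
Rediff Bol is an instant messaging tool. The Rediff Bol Downloader control has a vulnerability in how it handles file downloads, which a remote attacker may exploit to execute arbitrary commands on the user's machine. The Rediff Bol Downloader control allows any web page to download and execute programs from any location without filtering them; IE displays a warning when a remote program is executed, but gives no prompt when a local program is executed. Rediff Bol Downloader: the vendor has not yet provided a patch or upgrade, and we recommend that users of this software watch the vendor's home page for the latest version: http://messenger.rediff.com/newbol/ Gregory R. Panakkal...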
Aratix 0.2.2b11 - '/inc/init.inc.php' Remote File Inclusion
Aratix. Details: Aratix inc/init.inc.php does not initialize the $currentpath variable before using it to ...
rediffbol.txt
Rediff Bol Downloader Allows Downloading and Spawning Arbitrary Files. Affected Program: Rediff Bol Download ActiveX. ActiveX OCX Control that downloads the Rediff Bol Messenger setup and spawns it. Related URL: http://messenger.rediff.com/newbol/ Discovered by: Gregory R. Panakkal. Vulnerability...
PT-2006-7435 · Rediff · Rediff Bol Downloader Activex
Name of the Vulnerable Software and Affected Versions: Rediff Bol Downloader ActiveX OCX control (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary files and obtain sensitive information, such as usernames and pathnames, by providing a URL in the u...
Bubla <= 1.0.0rc2 (bu/process.php) Remote File Include Vulnerability
No description provided by source. DeltasecurityTEAM WwW.Deltasecurity.iR Portal Name = Bubla <= 1.0.0rc2 Class = Remote File Inclusion Risk = High Remote File Execution Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-1.0.0rc1.tar.gz Discovered By = DeltahackingTEAM User...
Bubla 1.0.0rc2 - '/bu/process.php' Remote File Inclusion
DeltasecurityTEAM WwW.Deltasecurity.iR Portal Name = Bubla <= 1.0.0rc2 Class = Remote File Inclusion Risk = High Remote File Execution Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-1.0.0rc1.tar.gz Discovered By = DeltahackingTEAM User In Delta Team = DavoodCracker...
Irokez CMS <= 0.7.1 Multiple Remote File Include Vulnerabilities
No description provided by source. Irokez CMS <= 0.7.1 Multiple Remote File Include Vulnerabilities. Vendor...
MTCMS 2.0 - '/admin/admin_settings.php' Remote File Inclusion
#!/usr/bin/perl MTCMS. Requirements.......: register_globals = on. use Getopt::Long; use URI::Escape; use...
Irokez Blog 0.7.1 - Multiple Remote File Inclusions
Irokez Blog 0.7.1 - Multiple Remote File Inclusions. Irokez CMS. Details: Irokez CMS has several scripts...
MTCMS <= 2.0 (admin/admin_settings.php) Remote File Include Exploit
Exploit for unknown platform in category web applications. MTCMS \n"; print "-h, --host\ttarget host\texample.com\n"; print "-f, --file\tremote file\thttp://evilsite.com/shell.php\n"; print "-d, --dir\tinstall dir\t/mtcms\n"; exit...