Traidnt up 2.0 - cookie Add Extension Bypass

Traidnt up 2.0 - cookie Add Extension Bypass Add Extension : milw0rm.com 2009-03-11...

CVE-2008-5547

HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extensio...

CVE-2008-5546

VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extension, as...

CVE-2008-5531

CVE-2008-5531 describes a family of bypasses where attackers manipulated an HTML document to defeat malware detection in IE6/IE7 by placing an MZ header (the “EXE info”) at the beginning and altering the displayed filename extension, e.g., no extension, .txt, or .jpg. The connected records indica...

Iamma Simple Gallery 1.0/2.0 - Arbitrary File Upload

Found by: X0r Iamma Simple Gallery Arbitrary File Upload Version: 1,2 ? Email: evolutionteam.x0atgmaildotcom Script Download:http://www.matteoiammarrone.com/public/modules.php?name=Downloads&dop=getit&lid=4 Script Download...

cmsWorks 2.2 RC4 (fckeditor) Remote Arbitrary File Upload Exploit

Exploit for unknown platform in category web applications ================================================================= cmsWorks 2.2 RC4 fckeditor Remote Arbitrary File Upload Exploit =================================================================...

Skype file: URI Handling Security Bypass Arbitrary Code Execution (uncredentialed check)

The version of Skype installed on the remote host reportedly uses improper logic in its 'file:' URI handler when validating URLs by failing to check for certain dangerous file extensions and checking for others in a case-sensitive manner. If an attacker can trick a user on the affected host into...

www file share pro 5.30 insecure multiple

this server that now has reached 5.30 per version still contains many elements of insecurity: does not control the file extensions loaded not figure the pass not esitone setting permits 666 777 etc. Min poc: http://gmda.altervista.org/wfsp530xpl/wfsp530exp.bat.txt...

Design/Logic Flaw

Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the 1 Core application or 2 MIME module...

CVE-2007-5401

Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions...

CVE-2007-5738

The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html...

GNUBoard上传漏洞

GNUBoard是在韩国的一个应用广泛的BBS系统，由于一些程序对输入缺少过滤，可以导致任意文件上传，甚至以WEB权限执行系统命令，WEB权限默认情况下是nobody。 GNUBoard 暂无 $source = array "/.php/", "/.htm/", "/.cgi/", "/.pl/"; $target = array ".phpx", ".htmx", ".cgix", &q...

CVE-2007-4057

Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with 1 .php.gif, 2 .php.jpg, or 3 .php.png...

CVE-2007-4026

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...

CVE-2006-6556

The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation...

Debian DSA-1125-2 : drupal - several vulnerabilities

The Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below : Several remote vulnerabilities have been discovered in the Drupal website platform, which may lead to the execution of arbitrary web script. The Common...

Update Protection against Geeklog Remote Code Execution Vulnerability

Geeklog is a PHP/MySQL based application for managing dynamic web content. Geeklog CMS fails to validate multiple file extensions, potentially allowing a remote attacker to upload malicious script code, which will be executed in the context of the webserver process...

ASP.NET source code disclosure

It's possible to retrieve source codes for scripts and executable, except protected file extensions...

FreeBSD : twiki -- multiple file extensions file upload vulnerability (a876df84-0fef-11db-ac96-000c6ec775d9)

A TWiki Security Alert reports : The TWiki upload filter already prevents executable scripts such as .php, .php1, .phps, .pl from potentially getting executed by appending a .txt suffix to the uploaded filename. However, PHP and some other types allows additional file suffixes, such as .php.en,...

bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit

Exploit for unknown platform in category web applications =========================================================== bitweaver = 1.3 tmpImagePath Attachment modmime Exploit =========================================================== !/usr/bin/php -q -d shortopentag=on ? echo "bitweaver = v1.3...