6871 matches found
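Flux CMS 'loadsave.php' Arbitrary File Overwrite Vulnerability
BUGTRAQ ID: 29618 CNCAN ID: CNCAN-2008061003 Flux CMS is a content management program. Flux CMS 'loadsave.php' does not properly validate user input, so a remote attacker can exploit the vulnerability to overwrite arbitrary files with the privileges of the web process. Submitting specially crafted POST data to the 'loadsave.php' script can cause arbitrary files to be overwritten with the privileges of the web process. Affected: Flux CMS 1.5. No solution is currently available: http://wiki.flux-cms.org/display/FLX/Home;jsessionid=D59E863574281A9BB6C951E073B3805C...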
Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit
No description provided by source. <?php /* Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit. author: EgiX mail:...
fluxcms-overwrite.txt
<?php /* Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit. author: EgiX mail: n0b0d13satgmaildotcom link:...
Flux CMS 1.5.0 - loadsave.php Arbitrary File Overwrite
<?php /* Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit. author: EgiX...
Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit
Exploit for unknown platform in category web applications. Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit. <?php /*...
Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite
<?php /* Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit. author: EgiX mail: n0b0d13satgmaildotcom link:...
CVE-2008-1572
CVE-2008-1572 concerns the Image Capture component in Apple Mac OS X prior to 10.5. The issue arises from improper handling of temporary files, allowing a local user to overwrite arbitrary files and to view images being resized by Image Capture. The vulnerability is documented in Apple’s Security...
CA Internet Security Suite - UmxEventCli.dll ActiveX Control Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/29406/info A Computer Associates Internet Security Suite ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary,...
CA Internet Security Suite - 'UmxEventCli.dll' ActiveX Control Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/29406/info A Computer Associates Internet Security Suite ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied inpu...
skk Arbitrary Code Execution Vulnerability
Overview: skk (Simple Kana to Kanji conversion software) would create an insecure temporary file without taking proper security precautions. Impact: A local attacker could overwrite arbitrary files. Solution: Please refer to the 'Vendor Information' section for official remediation and take appropria...
Symantec Backup Exec for Windows Server ActiveX Control Multiple Vulnerabilities
Overview: The PVATLCalendar.PVCalendar.1 (pvcalendar.ocx) ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server (BEWS), includes the insecure Save method that mishandles strings assigned to certain properties listed below, which can be exploited to cause...
Debian DSA-1577-1 : gforge - insecure temporary files
Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.
CVE-2008-2283
IDAutomation ActiveX controls (IDAutomationLinear6.dll, IDAutomationDMATRIX6.DLL, IDAutomationPDF417_6.dll, IDAutomationAZTEC.dll) are affected by CVE-2008-2283. The vulnerability allows remote attackers to overwrite arbitrary files via the argument to the SaveBarCode and SaveEnhWMF methods. Affe...
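IDAutomation Multiple Barcode ActiveX Controls Arbitrary File Overwrite Vulnerability
BUGTRAQ ID: 29204 IDAutomation is a US company specializing in automatic identification and barcode technology. Its products include font packages, software and controls for editing, recognizing, printing and scanning barcodes. The ActiveX controls shipped by IDAutomation contain an implementation flaw that a remote attacker may exploit to write arbitrary files on the user's system. The following barcode ActiveX controls provided by IDAutomation: IDAuto.BarCode.1 (IDAutomationLinear6.dll) IDAuto.Datamatrix.1 (IDAutomationDMATRIX6.DLL)...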
CVE-2008-2266
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression...
GLSA-200805-13 : PTeX: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200805-13 (PTeX: Multiple vulnerabilities). Multiple issues were found in the teTeX 2 codebase that PTeX builds upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLS...
CVE-2008-1998
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter...
WatchFire Appscan 7.0 ActiveX Multiple Insecure Methods Exploit
No description provided by source. Multiple Insecure Methods in AppScan Watchfire Web Application Security v 7.0 Remote: Yes An arbitrary file overwrite has been discovered in an ActiveX control installed with the WatchFire Appscan v 7.0. by callAX - Fr33d0m Kn0wl3dg3 1s th3 r341 P0w3r HTML objec...
CVE-2008-1933
Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run...