
768 matches found

rdot
added 2010/12/10 12:0 a.m. | 10 views

PHP 5.3.4 released

ChangeLog The release of a new version would not be so noteworthy were it not for the following line in the changelog: Quote: Paths with NULL in them foo\0bar.txt are now considered as invalid. Rasmus --- Apparently, path truncation with a null byte will now be a thing of the past. A solution to the problem, using the file function as an example: S...

0.6 AI score
Exploits: 0
Opera Security Advisories
added 2010/06/29 12:0 a.m. | 4 views

File inputs can disclose the path to selected files – Opera Security Advisories

File inputs can disclose the path to selected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...

5.7 AI score
Exploits: 0 | References: 1
OpenVAS
added 2010/06/25 12:0 a.m. | 27 views

Ubuntu: Security Advisory (USN-953-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8 CVSS | 6.4 AI score | 0.01217 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2010/06/22 12:0 a.m. | 24 views

Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : fastjar vulnerability (USN-953-1)

Dan Rosenberg discovered that fastjar incorrectly handled file paths containing '..' when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges. Note that Tenable Network Security ha...

5.8 CVSS | 5.4 AI score | 0.01217 EPSS
Exploits: 1 | References: 2
Ubuntu
added 2010/06/21 5:56 p.m. | 49 views

USN-953-1: fastjar vulnerability

Dan Rosenberg discovered that fastjar incorrectly handled file paths containing ".." when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges...

5.8 CVSS | 5.4 AI score | 0.01217 EPSS
Exploits: 1
Exploit DB
added 2010/06/08 12:0 a.m. | 26 views

Phreebooks 2.0 - Local File Inclusion

Advisory Name: Local File Inclusion in Phreebooks v2.0 Internal Cybsec Advisory Id: Vulnerability Class: Local File Inclusion Release Date: 2010-05-26 Affected Applications: Phreebooks v2.0 Affected Platforms: Any running Phreebooks v2.0 Local / Remote: Remote Severity: Medium – CVSS: 5...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2010/02/01 12:0 a.m. | 46 views

SAP BusinessObjects 'HappyAxis2.jsp' Information Disclosure

The SAP BusinessObjects installation on the remote web server is leaking information via '/BusinessProcessBI/axis2-web/HappyAxis.jsp'. This page contains debugging information such as local file paths, operating system version, and Java version. A remote attacker could use this information to mou...

5.5 AI score
Exploits: 0 | References: 2
OpenVAS
added 2009/06/05 12:0 a.m. | 20 views

Ubuntu: Security Advisory (USN-723-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 6.5 AI score | 0.07517 EPSS
Exploits: 7 | References: 2
Ubuntu
added 2009/02/18 6:59 p.m. | 61 views

USN-723-1: Git vulnerabilities

It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2008-3546 It was discovered that t...

7.5 CVSS | 6 AI score | 0.07517 EPSS
Exploits: 7
RedHat Linux
added 2008/07/02 12:48 p.m. | 2 views

Firefox javascript arbitrary code execution

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...

6.8 CVSS | 6.2 AI score | 0.06393 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2007/11/10 12:0 a.m. | 31 views

Ubuntu 6.06 LTS / 6.10 : mono vulnerability (USN-397-1)

Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source. Note that Tenable Network Security ha...

5 CVSS | 5.5 AI score | 0.15016 EPSS
Exploits: 1 | References: 2
Cvelist
added 2007/10/23 5:0 p.m. | 22 views

CVE-2007-5631

Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the currentblockmodulepath parameter to 1 AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, 2...

7.6 AI score | 0.29722 EPSS
Exploits: 1 | References: 12
myhack58
added 2007/06/10 12:0 a.m. | 14 views

New ideas, make the time to black out Action Network-vulnerability warning-the black bar safety net

Today in detection of a site to guess the background of the time Suddenly came inspiration, is the program guess the background of the function used to guess the database This method theoretically can achieve The practice is also able to achieve, and I immediately also carried out in practice Use...

6.7 AI score
Exploits: 0
Ubuntu
added 2007/03/13 1:33 a.m. | 67 views

USN-436-1: KTorrent vulnerabilities

Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges...

7.5 CVSS | 5.9 AI score | 0.06087 EPSS
Exploits: 0
RedHat Linux
added 2007/02/24 2:41 a.m. | 2 views

security flaw

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup...

4.3 CVSS | 7.2 AI score | 0.04655 EPSS
Exploits: 1 | References: 4
securityvulns
added 2007/01/28 12:0 a.m. | 48 views

local Calendar System v1.1 (lcStdLib.inc) Remote File Include

+------------------------------------------------------------------------------------------- local Calendar System v1.1 lcStdLib.inc Remote File Include TrZiNDaN [email protected] Turkey -------------------------------------------------------------------------------------------- download :...

2.5 AI score
Exploits: 0
ATTACKERKB
added 2006/12/04 11:28 a.m. | 1 views

CVE-2006-6248

index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message...

7.8 CVSS | 5.5 AI score | 0.00434 EPSS
Exploits: 0 | References: 5
seebug.org
added 2006/12/01 12:0 a.m. | 30 views

AtomixMP3 <= 2.3 Malformed M3U Buffer Overflow Exploit

No description provided by source. / ======================================================================== 0-day AtomixMP3 = v2.3 Malformed M3U Buffer Overflow PoC ======================================================================== AtomixMP3 Player/Mixer fails to properly handle large fil...

7.1 AI score
Exploits: 0
exploitpack
added 2006/12/01 12:0 a.m. | 22 views

BlazeVideo HDTV Player 2.1 - .PLF Local Buffer Overflow

BlazeVideo HDTV Player 2.1 - .PLF Local Buffer Overflow / ======================================================================== 0-day BlazeVideo HDTV Player 30 days of Media Player Exploits by Greg Linares Discovered and Reported By: Greg Linares [email protected] Reported Exploit Date:...

0.4 AI score
Exploits: 0
UbuntuCve
added 2006/09/25 1:7 a.m. | 23 views

CVE-2006-4976

The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for 1 server.php, 2 adodb-errorpear.inc.php, 3 adodb-iterator.inc.php, 4 adodb-pear.inc.php, 5 adodb-perf.inc.php, 6 adodb-xmlschema.inc.php, and 7 adodb.inc.php; files ...

5 CVSS | 5.9 AI score | 0.00499 EPSS
Exploits: 0 | References: 1