197 matches found
WordPress Multi Plugin Installer Plugin <= 1.1.0 - Local File Traversal
Because of this vulnerability, unauthenticated attackers can read arbitrary files. Solution Update the plugin...
Multi Plugin Installer <= 1.1.0 - Unauthenticated File Traversal
The multi-plugin-installer WordPress plugin was affected by an Unauthenticated File Traversal security vulnerability...
53kf任意文件遍历漏洞
简要描述: 听说你们很给力啊,先试试水。 详细说明: 存在漏洞的地址为: http://www.53kf.com/?controller=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00login 漏洞证明: 成功猜到了nginx的配置文件,如下: 得到了网站根路径,读个robots.txt试试看 那么是不是可以代码审计了呢...
大汉网络JCMS任意文件下载
简要描述: 大汉网络文件遍历 详细说明: 漏洞Url: /jcms/m5e/module/voting/down.jsp?filename=a.txt&pathfile=/etc/passwd 下载文件: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin...
Novell NetIQ Sentinel Agent Manager NQMcsVarSet ActiveX DumpToFile() Remote Code Execution
The remote host contains the NQMcsVarSet ActiveX control distributed with Novell NetIQ Sentinel Agent Manager. The installed control is reportedly affected by a remote code execution vulnerability with the DumpToFile method where it does not properly sanitize the path for a filename. This could...
DSA-2915-2 dpkg - security update
Bulletin has no description...
DSA-2915-1 dpkg - security update
Bulletin has no description...
SDCMS某处设计缺陷导致遍历任意文件内容
简要描述: SDCMS某处设计缺陷导致遍历任意文件内容 详细说明: 1、首先看看缺陷文件: 文件/sdcms/admin/sdtheme.asp ...... 第138行: case "edit" dim filename:filename=sdcms.fget"filename",0 if notsdcms.checkstrfilename,"filename" then sdcms.echo "filename is wrong" sdcms.die end if if notsdcms.isfile"../theme/"&filename then sdcms.echo...
IBM WebSphere Sensor Events多个输入验证漏洞
BUGTRAQ ID: 53859 IBM WebSphere Sensor Events可提供创建和管理企业级传感器的中间件基础架构。 IBM WebSphere Sensor Events在实现上存在P001414 XSS、文件路径遍历、不安全HTTP方法、searchView.jsp中的deferredView.jsp XSS问题内的P001538跨站脚本执行漏洞, 攻击者可利用这些漏洞窃取Cookie身份验证凭证、执行非法操作或泄漏敏感信息。 0 IBM WebSphere Sensor Events 7.0 厂商补丁: IBM ---...
Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities
Title: ====== Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Date: ===== 2012-04-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=487 VL-ID: ===== 487 Introduction: ============= Flatnux is no database CMS for accessible websites, corporate websites, e-commer...
Flatnux CMS 2011 08.09.2 CSRF / XSS / Directory Traversal
Title: ====== Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Date: ===== 2012-04-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=487 VL-ID: ===== 487 Introduction: ============= Flatnux is no database CMS for accessible websites, corporate websites, e-commer...
Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities
Document Title: =============== Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=487 Release Date: ============= 2012-03-31 Vulnerability Laboratory ID VL-ID: ==================================== 487...
Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities
Document Title: =============== Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=487 Release Date: ============= 2012-03-31 Vulnerability Laboratory ID VL-ID: ==================================== 487...
Oracle Web Logic Node Manager UNC Path Remote File Execution
Oracle Web Logic Node Manager UNC Path Remote File Execution Posted by admin on 2012/03/16 Leave a comment 0 Go to comments Keep running into old Web Logic installations which have the file traversal http://www.securityfocus.com/bid/37926/info and UNC path remote command execution...
Chyrp 2.x - includeslibgz.php?File Traversal Arbitrary File Access
Chyrp 2.x - includeslibgz.php?File Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/48672/info Chyrp is prone to multiple cross-site scripting vulnerabilities, a local file-include vulnerability, an arbitrary file-upload vulnerability, and a directory-traversal...
Honeywall admin interface arbitrary file read vulnerability-vulnerability warning-the black bar safety net
Publishing author: cnyouker Vulnerability type: arbitrary file traversal/download Vulnerability description: Honeywall admin interface arbitrary file read vulnerability Detailed description: admin/docs.pl for the POST of the file check is not strict. Can construct their own post package to read...
Debian Security Advisory DSA 2207-1 (tomcat5.5)
The remote host is missing an update to tomcat5.5 announced via advisory DSA 2207-1. OpenVAS Vulnerability Test $Id: deb22071.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2207-1 tomcat5.5 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian: Security Advisory (DSA-2207-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DSA-2207-1 tomcat5.5 - several
Bulletin has no description...
[SECURITY] [DSA 2207-1] tomcat5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2207-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 30, 2011 http://www.debian.org/security/faq -...