3565 matches found
webpa 1.1.0.1 - Multiple Vulnerabilities
Discovered by dun \ posdubatgmail.com 2012-08-23 WebPA fail'; fputs$fp, $headers; return $fp; function httprecv$fp $ret=""; while !feof$fp $ret.= fgets$fp, 1024;...
persistent xss vulnerability through uploaded files in IE8/9
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report (http://jira.atlassian.com/browse/CONFSERVER-46953). It is possible to upload a number of file types checked by extension to an answers instance and then download them...
Scientific Linux Security Update : php on SL3.x, SL4.x, SL5.x i386/x86_64
CVE-2009-2687 php: exif_read_data crash on corrupted JPEG files; CVE-2009-3292 php: exif extension: Multiple missing sanity checks in EXIF file processing; CVE-2009-3291 php: openssl extension: Incorrect verification of SSL certificate with NUL in name; CVE-2009-3546 gd: insufficient input validation ...
Arasism (IR) CMS - File Upload Vulnerability
Document Title: Arasism IR CMS - File Upload Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=657. Release Date: 2012-07-11. Vulnerability Laboratory ID (VL-ID): 657. Common...
Session fixation
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, ak...
CVE-2012-2719
The CVE-2012-2719 issue affects the Drupal contributed module File Depot (filedepot) for Drupal 6.x-1.x, specifically versions before 6.x-1.3. The root cause is a session management vulnerability where, when accessed from the same IP address using multiple browsers, Internet Explorer sessions can...
Western Digitals WD TV Live SMPHub - Privilege Escalation
Introduction: The WD TV Live Streaming Media Player is a consumer device to play various audio and video formats. Additionally it allows access to multiple video streaming services like Netflix, Hulu or Youtube [1]. The device...
VulnCheck KEV: CVE-2012-10064
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...
CVE-2012-1172
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file...
Support Incident Tracker multiple vulnerabilities
Overview: Support Incident Tracker (or SiT!) version 3.65, and possibly earlier versions, contains multiple vulnerabilities, including malicious file uploads, SQL injection, cross-site scripting, and cross-site request forgery. Description: According to the SiT! website: "Support Incident Tracker or Si...
MediaFire Cross Site Scripting
| Title : MediaFire mediafire.com Persistent XSS | Author : Codeine | Email : f3codeineatyahoodotcom | Site : http://infosecforums.com/ | Date : 08/21/2011 | Cat : PHPXSS | URL : http://mediafire.com/ Mediafire.com suffers from a persistent XSS vulnerability within its file uploads. After a user...
Debian Security Advisory DSA 2266-1 (php5)
The remote host is missing an update to php5 announced via advisory DSA 2266-1. OpenVAS Vulnerability Test $Id: deb22661.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2266-1 (php5). Authors: Thomas Reinke. Copyright: Copyright (c) 2011 E-Soft Inc...
Zero-day flaw in WordPress image utility allows to upload files and execute codes
Mark Maunder, CEO of Seattle-based technology firm Feedjit, discovered the flaw after his own blog was hacked to load advertising content. He ended up tracing the issue back to TimThumb, which he uses on his blog...
Debian DSA-2266-1 : php5 - several vulnerabilities
Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code. - CVE-2010-2531 An information leak was found in the var_export function. - CVE-2011-0421 The Zip module could crash. - CVE-2011-0708 An integer overflow was...
[SECURITY] [DSA 2266-1] php5 security update
Debian Security Advisory DSA-2266-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 29, 2011 http://www.debian.org/security/faq -...
DSA-2266-1 php5 - several
Bulletin has no description...
Code injection
WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file...
Drupal With Webform Cross Site Scripting
Vulnerability Report. Original Date of Vendor Notification: April 19, 2011 15:15 GMT - 4:00. Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The...
CMS Balitbang 3.42 Fckeditor Arbitrary File Uploads Exploit
Exploit for php platform in category web applications Author : thecybernuxbie Home : www.nuxbie.zuzzeta.us E-mail : email protected Found : 06 April 2011. Version: CMS Balitbang 3.42. Tested : Windows 7 Ultimate 32bit. Link : http://www.kajianwebsite.org/download/CMS%203.42-17082010.rar ! Dork :...
Ubuntu Update for python-django vulnerabilities USN-1066-1
Ubuntu Update for Linux kernel vulnerabilities USN-1066-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10661.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for python-django vulnerabilities USN-1066-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...