7208 matches found
hiox-addadmin.txt
"; fclose$file; $creat = "false"; echo "New User Created Please Wait You will be Redirected to Login Page "; else echo "Enter correct Username or Password "; if$creat == "true" ? tr width=400 height...
JDK untrusted applet/application privilege escalation (6661918)
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as...
CVE-2008-3109
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself...
WISE-FTP 4.15.5.8 - FTP Client LIST Directory Traversal
Source: https://www.securityfocus.com/bid/29844/info. WISE-FTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to write...
DSA-1577-1 gforge - insecure temporary files
Bulletin has no description...
PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit
No description provided by source. !/usr/bin/perl Inphex use LWP::UserAgent; use LWP::Simple; use IO::Socket; use Switch; PHP-Nuke Platinum , ForumsStandart - magicquotesgpc = OFF , SQL Injection nukeusers Structure: userid name username useremail femail userwebsite useravatar userregdate usericq...
PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================================== PHP-Nuke Platinum 7.6.b.5 dynamictitles.php SQL Injection Exploit ==================================================================== !/usr/bin/perl Inphex use...
Debian Security Advisory DSA 499-1 (rsync)
The remote host is missing an update to rsync announced via advisory DSA 499-1. OpenVAS Vulnerability Test $Id: deb4991.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 499-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
CVE-2007-6652
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...
HP Software Update client 3.0.8.4 Multiple Remote Vulnerabilities
No description provided by source. Advisory: There is another remotely exploitable flaw within software preinstalled in HP notebook machines. This time, the culprit is automatic software update tool provided by the vendor. The potential exploitation may lead ...
CVE-2002-2353
CVE-2002-2353 concerns TFTPD32, where versions 2.50 and 2.50.2 allow a remote attacker to read or write arbitrary files by using a full pathname in GET and PUT requests. The issue is network-triggered and arises from the TFTP server’s handling of pathnames (no authentication implied in the entry)...
sphpblog051-multi.txt
Title: Simple PHP Blog sphpblog Released on: 2007/10/21 Changelog: ---------- L M H T Summary: Ip Spoofing X X Cross Site Scripting X X Session Fixation X X mail CRLF Injection X Local File Inclusion +CSRF X X File Deletion +CSRF X X File Upload Vulnerability X X Code Execution +CSRF X X Legend: ...
Moderate: Red Hat Security Advisory: tar security update
Updated tar package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that...
HP Digital Imaging 'hpqvwocx.dll 2.1.0.556' - 'SaveToFile()' File Write
HP Digital Imaging hpqvwocx.dll v. 2.1.0.556 "SaveToFile" Insecure Method url: http://www.hp.com/ author: shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org This was written for educational...
NCTAudioEditor2 ActiveX DLL NCTWMAFile2.dll 2.6.2.157 - File Write
NCTAudioEditor2 ActiveX DLL NCTWMAFile2.dll v. 2.6.2.157 "CreateFile" Insecure Method url: http://www.nctsoft.com/products/NCTAudioEditor2/...
NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write
NCTAudioEditor2 ActiveX DLL NCTWMAFile2.dll v. 2.6.2.157 "CreateFile" Insecure Method url: http://www.nctsoft.com/products/NCTAudioEditor2/ author: shinnai mail: shinnaiatautisticidotorg site:...
ShoutPro 1.5.2 - shout.php Remote Code Injection
ShoutPro 1.5.2 - shout.php Remote Code Injection ?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "...
CVE-2007-2030
The CVE-2007-2030 issue affects the lha LHA tool, specifically the lharc.c code, which does not securely create temporary files. This could allow a local attacker to read or write files by creating a file before LHA is invoked. Affected component: lharc.c in lha (no vendor/versions specified in t...
CVE-2007-1904
Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation...
LSAT: Insecure temporary file creation
Background: The Linux Security Auditing Tool (LSAT) is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description: LSAT insecurely writes in /tmp with a...