DEBIAN-CVE-2012-2241

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...

Design/Logic Flaw

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...

CVE-2012-2241

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...

CVE-2012-2241

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...

CVE-2012-2241

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...

CVE-2012-4873

Cross-site scripting XSS vulnerability in the filedownload function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

CVE-2012-3410

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix...

Stack overflow

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix...

CVE-2012-3410

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix...

CVE-2012-2687

Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...

CVE-2012-2687

Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...

CVE-2012-2969

Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request...

Cross site request forgery (csrf)

Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request...

php: $_FILES array indexes corruption

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service malformed $FILES indexes or conduct directory traversal attacks during multi-file...

DEBIAN-CVE-2012-0210

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a 1 .dsc or 2 .changes file...

DEBIAN-CVE-2012-0211

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original .orig source tarball of a source package...

phpAcounts v. 0. 5. 3 SQL injection and fix-vulnerability warning-the black bar safety net

Author: loneferret Affected version: 0.5.3 Developer address: http://phpaccounts.com/ Test platform: Ubuntu Server 11.10 Old app, still fun. Auth. Bypass: http://www.xxx.com /phpaccounts/index.php Username: x' or '1'='1' Password: whatever Upload php shell in preferences Letterhead image upload...

WordPress Plugin MM Forms Community 2.2.6 - Arbitrary File Upload

WordPress Plugin MM Forms Community 2.2.6 - Arbitrary File Upload Description : Wordpress Plugins - MM Forms Community Arbitrary File Upload Vulnerability Version : 2.2.5 - 2.2.6 Link : http://wordpress.org/extend/plugins/mm-forms-community/ Plugins :...

Wordpress MM Forms Community Plugin 2.2.6 Arbitrary File Upload

Exploit for php platform in category web applications Description : Wordpress Plugins - MM Forms Community Arbitrary File Upload Vulnerability Version : 2.2.5 - 2.2.6 Link : http://wordpress.org/extend/plugins/mm-forms-community/ Plugins :...

WordPress Plugin MM Forms Community 2.2.6 - Arbitrary File Upload

Description : Wordpress Plugins - MM Forms Community Arbitrary File Upload Vulnerability Version : 2.2.5 - 2.2.6 Link : http://wordpress.org/extend/plugins/mm-forms-community/ Plugins : http://downloads.wordpress.org/plugin/mm-forms-community.zip Date : 24-05-2012 Google Dork :...