Wordpress WP Marketplace Plugin 1.5.0 - 1.6.1 Arbitrary File Upload

Exploit for php platform in category web applications Description : Wordpress Plugins - WP Marketplace Shell Upload Vulnerability Version : 1.5.0 - 1.6.1 Link : http://wordpress.org/extend/plugins/wpmarketplace/ Plugins : http://downloads.wordpress.org/plugin/wpmarketplace.zip Date : 26-05-2012...

WordPress Plugin Marketplace Plugin 1.5.0 < 1.6.1 - Arbitrary File Upload

Description : Wordpress Plugins - WP Marketplace Shell Upload Vulnerability Version : 1.5.0 - 1.6.1 Link : http://wordpress.org/extend/plugins/wpmarketplace/ Plugins : http://downloads.wordpress.org/plugin/wpmarketplace.zip Date : 26-05-2012 Google Dork : inurl:/wp-content/plugins/wpmarketplace/...

ajp-request NSE Script

Requests a URI over the Apache JServ Protocol and displays the result or stores it in a file. Different AJP methods such as; GET, HEAD, TRACE, PUT or DELETE may be used. The Apache JServ Protocol is commonly used by web servers to communicate with back-end Java application server containers. Scri...

TFTP Server for Windows 1.4 ST WRQ Buffer Overflow

This module exploits a vulnerability found in TFTP Server 1.4 ST. The flaw is due to the way TFTP handles the filename parameter extracted from a WRQ request. The server will append the user-supplied filename to TFTP server binary's path without any bounds checking, and then attempt to check this...

TFTP Server for Windows 1.4 ST WRQ Buffer Overflow

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

Ubuntu: Security Advisory (USN-1419-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS / 11.04 / 11.10 : puppet vulnerabilities (USN-1419-1)

It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. CVE-2012-1906 It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this t...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 604G.GS00100, also distributed as the Dell ML6000 tape library with firmware before A20-00 590G.GS00100, allows remote attackers to hijack the authentication of use...

CVE-2012-0791

Multiple cross-site scripting XSS vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 composeCache, 2 rtemode, or 3 filename parameters to the compose page; 4 formname parameter to the...

CVE-2012-0907

Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. dot dot in a filename in the neoaxiswebapplicationwin32.zip ZIP archive...

php: file path injection vulnerability in RFC1867 file upload filename

The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...

kernel: hfs: add sanity check for file name length

Stack-based buffer overflow in the hfsmac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service crash and possibly execute arbitrary code via an HFS image with a crafted len field...

OpenVAS Scanner Symlink Attack Local Privilege Escalation Vulnerability

This host is installed with OpenVAS Scanner and is prone to privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbopenvasscannerprevesclvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ OpenVAS Scanner Symlink Attack Local Privilege Escalation Vulnerability Authors: Antu Sanadi...

OpenVAS Scanner Symlink Attack Local Privilege Escalation Vulnerability

OpenVAS Scanner is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2011-4167

Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp...

Stack overflow

Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp...

CVE-2011-4167

Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp...

Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities

According to its banner, the version of Apache running on the remote host does not properly escape filenames in 406 responses. A remote attacker can exploit this to inject arbitrary HTTP headers or conduct cross-site scripting attacks by uploading a file with a specially crafted name. Note that t...

KingView-Scada

Stack-Based buffer overflow in KingView 6.5.3 SCADA HMI allow remote attackers to cause a DoS or execute arbitrary code via a long filename in a read or write request. The vulnerability is caused due to a boundary error in the handling of filenames and can be exploited to cause a stack-based buff...

VBulletin 4.1.7多个远程文件包含漏洞

BUGTRAQ ID: 50455 vBulletin是一个强大灵活并可完全根据自己的需要定制的论坛程序套件。 vBulletin在实现上存在多个远程文件包含漏洞，攻击者可利用这些漏洞获取敏感信息或在服务器进程中执行任意脚本代码，控制应用程序或计算机。 VBulletin 4.1.7 厂商补丁： VBulletin --------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.vbulletin.com/ http://www.example.com/vB1/api.php?apiscript=RFI...