8764 matches found

Exploit DB
added 2010/09/20 12:0 a.m. | 32 views

RarCrack 0.2 - 'Filename init() .bss' (PoC)

The software can be downloaded here: http://rarcrack.sourceforge.net/ Author: stoke Date: 2010-09-20 Download: http://rarcrack.sourceforge.net/ Tested on: Backtrack 4 Site: http://devilcode.it | http://hack2web.altervista.org Special greetz to: nex, for reassuring me when I said "WHY EIP IT'S NOT...

7.4 AI score
Exploits: 0
RedHat Linux
added 2010/09/10 8:34 a.m. | 3 views

tomcat: unexpected file deletion in work directory

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename...

4.3 CVSS | 5.8 AI score | 0.10694 EPSS
Exploits: 0 | References: 4
Prion
added 2010/09/07 5:0 p.m. | 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments...

3.5 CVSS | 5.7 AI score | 0.00905 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
OpenVAS
added 2010/09/07 12:0 a.m. | 19 views

Mandriva Update for wget MDVSA-2010:170 (wget)

Check for the Version of wget. OpenVAS Vulnerability Test: Mandriva Update for wget MDVSA-2010:170 (wget). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

6.8 CVSS | 0.1 AI score | 0.04214 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2010/09/04 12:0 a.m. | 31 views

FreeBSD : wget -- multiple HTTP client download filename vulnerability (d754b7d2-b6a7-11df-826c-e464a695cb21)

GNU Wget version 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a...

6.8 CVSS | 6.8 AI score | 0.04214 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2010/09/04 12:0 a.m. | 19 views

FreeBSD : lftp -- multiple HTTP client download filename vulnerability (29b7e3f4-b6a9-11df-ae63-f255a795cb21)

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...

7.5 CVSS | 5.8 AI score | 0.03629 EPSS
Exploits: 0 | References: 3
0day.today
added 2010/08/27 12:0 a.m. | 31 views

mogepa Cms Multiple Vulnerabilities

Exploit for php platform in category web applications. mogepa Cms Multiple Vulnerabilities...

7.1 AI score
Exploits: 0
NVD
added 2010/08/21 12:0 a.m. | 14 views

CVE-2010-3104

Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename...

9.3 CVSS | 6.7 AI score | 0.01572 EPSS
Exploits: 0 | References: 1
NVD
added 2010/08/21 12:0 a.m. | 16 views

CVE-2010-3103

Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.05, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename...

9.3 CVSS | 6.7 AI score | 0.01572 EPSS
Exploits: 0 | References: 1
Cvelist
added 2010/08/20 9:0 p.m. | 21 views

CVE-2010-3104

Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename...

6.7 AI score | 0.01572 EPSS
Exploits: 0 | References: 1
Cvelist
added 2010/08/20 9:0 p.m. | 23 views

CVE-2010-3102

Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename...

6.7 AI score | 0.01572 EPSS
Exploits: 0 | References: 1
Prion
added 2010/08/20 8:0 p.m. | 13 views

Directory traversal

Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party informatio...

9.3 CVSS | 7.3 AI score | 0.0138 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2010/08/20 8:0 p.m. | 15 views

Directory traversal

Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename...

9.3 CVSS | 7.4 AI score | 0.0138 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2010/08/20 7:0 p.m. | 16 views

CVE-2010-3096

Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename...

6.9 AI score | 0.0138 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2010/08/02 8:20 p.m. | 1 views

lftp: multiple HTTP client download filename vulnerability [OCERT 2010-001]

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...

7.5 CVSS | 6.2 AI score | 0.03629 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2010/08/02 8:17 p.m. | 3 views

tomcat: unexpected file deletion in work directory

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename...

4.3 CVSS | 5.8 AI score | 0.10694 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2010/08/02 8:0 p.m. | 3 views

tomcat: unexpected file deletion in work directory

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename...

4.3 CVSS | 5.8 AI score | 0.10694 EPSS
Exploits: 0 | References: 4
myhack58
added 2010/07/23 12:0 a.m. | 13 views

Yxbbs Forum system 3.1.0 filename parameter arbitrary file download vulnerability and fix

Affected version: Ver 3.1.0. Vulnerability description: Yxbbs is a free, open source community forum system developed by Y network, using ASP+Access SQL. The filename parameter in ViewFile.asp is not validated or filtered, so there is a serious security issu...

7.8 AI score
Exploits: 0
Exploit DB
added 2010/07/21 12:0 a.m. | 21 views

ZipCentral - '.zip' Local Buffer Overflow (SEH)

Author : Jiten Pathy July 21 2010 Thanks to the http://en.wikipedia.org/wiki/PKZIP page for helping me understand zip file format Thanks to corelanc0d3r for shedding light on these type of exploits at http://www.offensive-security.com/vulndev/quickzip-stack-bof-0day-a-box-of-chocolates/ Greetz ...

7.4 AI score
Exploits: 0
securityvulns
added 2010/07/08 12:0 a.m. | 50 views

[ MDVSA-2010:128 ] lftp

Mandriva Linux Security Advisory MDVSA-2010:128 (http://www.mandriva.com/security/). Package: lftp. Date: July 6, 2010. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0. Problem Description: A vulnerability has been found and corrected in...

7.5 CVSS | 9.5 AI score | 0.03629 EPSS
Exploits: 0