708 matches found
SoftArtisans XFile文件管理器ActiveX控件多个缓冲区溢出漏洞
BUGTRAQ ID:30826 CVE ID:CVE-2007-1682 CNCVE ID:CNCVE-20081682 SoftArtisans XFile是一款文件传送应用程序ActiveX控件。 XFile FileManager ActiveX控件存在多个缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 由SAFmgPws.dll提供的XFile FileManager ActiveX控件处理BuildPath, GetDriveName, DriveExists,...
SoftArtisans XFile FileManager ActiveX control stack buffer overflows
Overview The SoftArtisans XFile FileManager ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SoftArtisans XFile is an ActiveX file transfer application. The XFile FileManager...
XHP CMS Version <= 0.5 File Upload Vulnerability
The remote webserver is hosting a PHP script which is vulnerable to a unrestricted file upload flaw. Description : XHP CMS is installed on the remote system. The installed application does not authenticate users to access the FileManager scripts located at:...
CVE-2008-3712
Multiple cross-site scripting XSS vulnerabilities in Mambo 4.6.2 and 4.6.5, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 query string to mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php and the 2...
mambo462-morexss.txt
---------------------------------------------------------------- Script : Mambo 4.6.2 Full & Older Versions Type : Multiple Cross Site Scripting Vulnerabilities Alert Level : Medium ---------------------------------------------------------------- Download From :...
CVE-2008-3591
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the symauth cookie in a /publish/filemanager/ request to index.php...
Authentication flaw
admin/filemanager/ aka the File Manager in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files...
Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit
No description provided by source. ?php / ------------------------------------------------------------------------ Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ------------------------------------------------------------------------ author...: EgiX mail.....:...
Seagull PHP Framework 0.6.4 - 'FCKeditor' Arbitrary File Upload
?php / ------------------------------------------------------------------------ Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ------------------------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions. Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant download numbers nor other special importance amongst the TYPO3 Community. The intention of CSBs is to...
ProManager 0.73 - 'config.php' Local File Inclusion
-------------------------------------- Pro Manager 0.73 Local File Inclusion Vuln -------------------------------------- http://www.sfr-fresh.com/unix/privat/proManager-0.73.tar.gz -------------------------------------- By : Stack email : Wanted -------------------------------------- Exploit :...
CVE-2008-2267
The CVE-2008-2267 entry concerns CMS Made Simple (CMSMS) 1.2.4 and earlier, where the FileManager module’s Postlet component (javaUpload.php) uses an incomplete blacklist. This allows remote attackers to upload a file whose name ends with extensions such as .jsp, .php3, .cgi, .dhtml, .phtml, .php...
Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)
It has been discovered that the extension Frontend Filemanager airfilemanager is susceptible to Cross Site Scripting XSS attacks and allows Remote Code Execution. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation. Affected Versions: Version...
CMS Made Simple <= 1.2.4 (FileManager module) File Upload Exploit
No description provided by source. ?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX...
cmsmadesimple-upload.txt
?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
CMS Made Simple <= 1.2.4 (FileManager module) File Upload Exploit
Exploit for unknown platform in category web applications ================================================================= CMS Made Simple = 1.2.4 FileManager module File Upload Exploit ================================================================= ?php /...
CMS Made Simple 1.2.4 Module FileManager - Arbitrary File Upload
CMS Made Simple 1.2.4 Module FileManager - Arbitrary File Upload ?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit ---------------------------------------------------------------------------...
CMS Made Simple 1.2.4 Module FileManager - Arbitrary File Upload
?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
CVE-2008-0222
CVE-2008-0222 affects the WordPress plugin WP-FileManager 1.2, where the file ajaxfilemanager.php allows unrestricted file upload and remote code execution via unspecified vectors. The issue is caused by insecure handling of uploads, enabling attackers to upload arbitrary PHP code. Affected produ...
WordPress FileManager Plugin <= 1.2 - Arbitrary File Upload
Because of this vulnerability in ajaxfilemanager.php, the attackers can upload and execute arbitrary PHP code via unspecified vectors. Solution Update the plugin...