64 matches found
drupal -- multiple vulnerabilities
The Drupal team reports: Vulnerability: SQL injection A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer. Vulnerability: Execution of arbitrary files Certain -- alas, typical -- configurations of...
Authentication flaw
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account...
CVE-2005-3647
The CVE-2005-3647 issue is described as a local privilege-bypass in Folder Guard. Local users can bypass protections by running from or installing to the temporary files directory. Underlying cause: the temporary files path enables bypass of protections. Impact (per CVSS): partial confidentiality...
Дырка в Brown Orifice :)
Обратный путь в директориях позволяет получение любого файла...