
3632 matches found

OpenVAS
added 2009/01/22 12:0 a.m., 25 views

KTorrent PHP Code Injection And Security Bypass Vulnerability

KTorrent is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.3 AI score
Exploits: 0, References: 4
Prion
added 2009/01/15 5:30 p.m., 12 views

Cross site request forgery (csrf)

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

4.3 CVSS, 6.9 AI score, 0.02456 EPSS
Exploits: 0, References: 13, Affected Software: 1
OSV
added 2009/01/15 5:30 p.m., 6 views

CVE-2008-5905

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

6.9 AI score
Exploits: 0, References: 13
NVD
added 2009/01/15 5:30 p.m., 16 views

CVE-2008-5905

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

4.3 CVSS, 6.6 AI score, 0.02456 EPSS
Exploits: 0, References: 13
Cvelist
added 2009/01/15 5:0 p.m., 28 views

CVE-2008-5905

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

6.5 AI score, 0.02456 EPSS
Exploits: 0, References: 13
CVE
added 2009/01/15 5:0 p.m., 57 views

CVE-2008-5905

KTorrent (KDE BitTorrent client) is affected by CVE-2008-5905 and CVE-2008-5906 via the web interface plugin prior to 3.1.4. The vulnerability arises from an unauthenticated web interface that does not restrict access to torrent upload and does not properly sanitize request parameters, enabling r...

4.3 CVSS, 6.6 AI score, 0.02456 EPSS
Exploits: 0, References: 13, Affected Software: 1
Debian CVE
added 2009/01/15 5:0 p.m., 23 views

CVE-2008-5905

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

4.3 CVSS, 6.5 AI score, 0.02456 EPSS
Exploits: 0
UbuntuCve
added 2009/01/15 12:0 a.m., 22 views

CVE-2008-5905

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...

4.3 CVSS, 6 AI score, 0.02456 EPSS
Exploits: 0, References: 4
exploitpack
added 2008/12/18 12:0 a.m., 14 views

2532Gigs 1.2.2 Stable - Remote Command Execution

2532Gigs 1.2.2 Stable - Remote Command Execution ---------------------------------------------------------------- Fix / errorreporting0; $host = explode'/',$argv1; $exec = $argv2 or usage; $sock = fsockopen$host0,80; $post = "content="; $leng = strlen$post; $data = "POST /$host1/calcssedit.php...

7.7 AI score
Exploits: 0
Packet Storm
added 2008/11/29 12:0 a.m., 23 views

linksys-xss.txt

Linksys WRT160N Wireless Router Double encoding XSS Vulnerability By David Gil http://www.infosec.com.mx [email protected] Using Double encoding attack you can inject XSS code into a HTTP POST request a common user can be easily cheated and compromise router password or router configuration...

7.4 AI score
Exploits: 0
exploitpack
added 2008/11/02 12:0 a.m., 430 views

DZCP (deV!L_z Clanportal) 1.4.9.6 - Blind SQL Injection

DZCP deV!Lz Clanportal 1.4.9.6 - Blind SQL Injection use HTTP::Cookies; use LWP::UserAgent; my $ua = LWP::UserAgent-new cookiejar = HTTP::Cookies-new,; $ua-agent 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ; usage; print "\n"; $server = $ARGV0; $dir = $ARGV1; $username = $ARGV2; $password =...

Exploits: 0
seebug.org
added 2008/11/01 12:0 a.m., 15 views

U-Mail Webmail 4.91 (edit.php) Arbitrary File Write Vulnerability

No description provided by source. U-Mail Webmail Arbitrary File Write Vulnerability. Vulnerable: U-Mail 4.91. Vendors: www.comingchina.com. Category: Input Validation Error. Impact: An attacker can write arbitrary data to new files. Author: Shennan...

7.1 AI score
Exploits: 0
Saint
added 2008/10/31 12:0 a.m., 35 views

Trend Micro OfficeScan CGI programs POST request buffer overflow

Added: 10/31/2008. CVE: CVE-2008-3862. BID: 31859. OSVDB: 49275. Background: Trend Micro OfficeScan is a centralized virus and security scan management system. Problem: A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending specially crafted HTTP POST requests ...

10 CVSS, 7.8 AI score, 0.18406 EPSS
Exploits: 6
Saint
added 2008/10/31 12:0 a.m., 35 views

Trend Micro OfficeScan CGI programs POST request buffer overflow

Added: 10/31/2008. CVE: CVE-2008-3862. BID: 31859. OSVDB: 49275. Background: Trend Micro OfficeScan is a centralized virus and security scan management system. Problem: A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending specially crafted HTTP POST requests ...

10 CVSS, 7.7 AI score, 0.18406 EPSS
Exploits: 6
exploitpack
added 2008/10/31 12:0 a.m., 12 views

U-Mail Webmail 4.91 - edit.php Arbitrary File Write

U-Mail Webmail Arbitrary File Write Vulnerability. Vulnerable: U-Mail 4.91. Vendors: www.comingchina.com. Category: Input Validation Error. Impact: An attacker can write arbitrary data to new files...

1.1 AI score
Exploits: 0
Exploit DB
added 2008/10/31 12:0 a.m., 24 views

U-Mail Webmail 4.91 - 'edit.php' Arbitrary File Write

U-Mail Webmail Arbitrary File Write Vulnerability. Vulnerable: U-Mail 4.91. Vendors: www.comingchina.com. Category: Input Validation Error. Impact: An attacker can write arbitrary data to new files. Author: Shennan Wang. Date: 2008-10-30. Web:...

7.4 AI score
Exploits: 0
Packet Storm
added 2008/10/29 12:0 a.m., 19 views

7shop-upload.txt

!/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; my $fname = rand1000 . ".php"; int.. yes i know PU! print Spoofing + + Discovered && Coded By: t0pP8uZz + + + + Contact IRC: irc.rizon.net sectalk + + Vendor not notified! Later versions maybe vuln! + + + +...

7.4 AI score
Exploits: 0
securityvulns
added 2008/10/29 12:0 a.m., 96 views

Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows

Secunia Research 22/10/2008 - Trend Micro OfficeScan CGI Parsing Buffer Overflows - Table of Contents: Affected...

10 CVSS, 0.8 AI score, 0.18406 EPSS
Exploits: 6
NVD
added 2008/10/23 10:0 p.m., 12 views

CVE-2008-3862

Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to...

10 CVSS, 7.9 AI score, 0.18406 EPSS
Exploits: 6, References: 9