3632 matches found
CVE-2005-3557
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request...
CVE-2005-3557
Technical details about CVE-2005-3557 are not publicly provided in the connected documents. No affected versions, root cause, exploit info, or remediation are specified here. Monitor for updates.
Cherokee POST request DoS
The remote host is running Cherokee - a fast and tiny web server. The remote version of this software is vulnerable to a remote denial of service vulnerability when handling a specially-crafted HTTP 'POST' request. An attacker may exploit this flaw to disable this service remotely. OpenVAS...
Novell NetWare HTTP POST Perl Code Execution Vulnerability
Novell Netware contains multiple default web server installations. The Netware Enterprise Web Server (Netscape/IPlanet) has a perl handler which will run arbitrary code given to it in a POST request. Versions 5.x (through SP4) and 6.x (through SP1) are affected. OpenVAS Vulnerability Test $Id:...
myServer POST Denial of Service
This version of myServer is vulnerable to a remote denial of service attack. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHP 4.x/5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite
PHP 4.x/5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite source: https://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite th...
CVE-2004-2517
The OpenVAS entries confirm a concrete issue in myServer 0.7.1: a remote denial of service caused by sending a specially crafted HTTP POST to index.html with View=Logon, causing the server to crash or stop responding. The affected component is the HTTP POST handling for the Logon operation; the vu...
CVE-2004-2517
myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html...
EasyGuppy 4.5.4/4.5.5 - Printfaq.php Directory Traversal
EasyGuppy 4.5.4/4.5.5 - Printfaq.php Directory Traversal source: https://www.securityfocus.com/bid/14984/info EasyGuppy is prone to a directory traversal vulnerability. The application fails to properly sanitize input supplied through HTTP POST requests or cookies. Exploitation of this vulnerabili...
Hesk 0.92/0.93 - Session ID Authentication Bypass
Hesk 0.92/0.93 - Session ID Authentication Bypass source: https://www.securityfocus.com/bid/14879/info Hesk is prone to an authentication bypass vulnerability. Successful exploitation will grant an attacker administrative access to the application. This can lead to unauthorized access of sensitive...
CuteNews 1.4.0 - Shell Injection Remote Command Execution
CuteNews 1.4.0 - Shell Injection Remote Command Execution <?php cutenxpl.php CuteNews 1.4.0 (possibly prior versions) remote code execution by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with th...
CVE-2005-2799
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request...
CVE-2005-2912
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value...
CVE-2005-2912
CVE-2005-2912 affects Linksys WRT54G Wireless Router. The vulnerability is a denial-of-service condition caused by sending an HTTP POST request with a negative Content-Length, leading to CPU consumption and the web server hanging. Devices running affected firmware are prone to this DoS. The provi...
MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections
MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections source: https://www.securityfocus.com/bid/14762/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful...
CVE-2005-2691
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code...
[Full-disclosure] User privilege escalation exploit.
Vendor: CyberSource Version: Business Center, Essentials/Small Business, https://businesscenter.cybersource.com/ Severity: Vulnerability allows malicious employees or compromised accounts to steal money. Vendor Status: Notified, expects to fix issue some time in 2006. Overview: Business Center is...
CVE-2002-2081
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp...
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
#!/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a...
CVE-2005-1708
templates.admin.users.userformprocessing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true...