342 matches found
FreeBSD : mnGoSearch buffer overflow in UdmDocToTextBuf() (87cc48fd-5fdd-11d8-80e3-0020ed76ef5a)
Jedi/Sector One reported the following on the full-disclosure list : Every document is stored in multiple parts according to its sections description, body, etc in databases. And when the content has to be sent to the client, UdmDocToTextBuf concatenates those parts together and skips metadata...
Directory traversal
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. dot dot in the 1 d and 2 f parameters...
CVE-2008-6183
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. dot dot in the 1 d and 2 f parameters...
CVE-2008-6183
CVE-2008-6183 affects My PHP Indexer 1.0. The vulnerability is in index.php where the d and f parameters can be used to perform a directory traversal using .., allowing remote attackers to read arbitrary files. The CVSSv2 base score is 7.8 (HIGH) with network access and no authentication required...
CVE-2009-0258
The Indexed Search Engine indexedsearch system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line index...
Command injection
The Indexed Search Engine indexedsearch system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line index...
CVE-2009-0258
The Indexed Search Engine indexedsearch system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line index...
CVE-2009-0258
The Indexed Search Engine indexedsearch system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line index...
myphpindexer-download.txt
My PHP Indexer 1.0 index.php Local File Download Vulnerability url: http://sourceforge.net/projects/myphpindexer/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Auth...
My PHP Indexer 1.0 (index.php) Local File Download Vulnerability
No description provided by source. My PHP Indexer 1.0 index.php Local File Download Vulnerability url: http://sourceforge.net/projects/myphpindexer/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational...
My PHP Indexer 1.0 - index.php Local File Download
My PHP Indexer 1.0 - index.php Local File Download My PHP Indexer 1.0 index.php Local File Download Vulnerability url: http://sourceforge.net/projects/myphpindexer/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for...
My PHP Indexer 1.0 (index.php) Local File Download Vulnerability
Exploit for unknown platform in category web applications ================================================================ My PHP Indexer 1.0 index.php Local File Download Vulnerability ================================================================ My PHP Indexer 1.0 index.php Local File Downlo...
My PHP Indexer 1.0 - 'index.php' Local File Download
My PHP Indexer 1.0 index.php Local File Download Vulnerability url: http://sourceforge.net/projects/myphpindexer/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Auth...
MDKA-2006:005 : kat
A number of fixes are available with this new kat update including a fix in the support of utf8 files, a number of crash situation were corrected, a double deletion that caused a crash when kat was closed was corrected, and finally the mail indexer is disabled due to problems it caused...
CVE-2006-6246
Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to 1 camera del, 2 camera edit, 3 folder/album deletion, 4 photo.move, 5 content.indexer, 6 folder.content, and possibly other...
CVE-2006-3019
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMSINCLUDEPATH parameter to files in parser/include/ including 1 class.parserphpcms.php, 2 class.sessionphpcms.php, 3 class.editphpcms.php, 4...
CVE-2006-1567
Cross-site scripting XSS vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter...
CVE-2006-1567
CVE-2006-1567 is a cross-site scripting (XSS) vulnerability affecting SiteSearch Indexer 3.5 and earlier, in searchresults.asp. The issue allows remote attackers to inject arbitrary web script or HTML via the searchField parameter. The documented impact is a partial integrity compromise with no c...
CVE-2006-1567
Cross-site scripting XSS vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter...
SiteSearch Indexer 3.5 - searchresults.asp Cross-Site Scripting
SiteSearch Indexer 3.5 - searchresults.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/17332/info SiteSearch Indexer is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...