292 matches found
CVE-2008-0459
Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the update parameter...
CVE-2008-0459
CVE-2008-0459 affects Liquid-Silver CMS 0.35. A directory traversal flaw in update/index.php allows remote attackers to include and execute arbitrary local files via .. in the update parameter when magic_quotes_gpc is disabled. Root cause: inadequate input sanitization leading to local file inclu...
Liquid-Silver CMS 'update/index.php'本地文件包含漏洞
BUGTRAQ ID: 27425 CNCAN ID:CNCAN-2008012403 Liquid-Silver CMS是一款基于PHP的WEB应用程序。 Liquid-Silver CMS不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是由于'update/index.php'脚本对用户提交的'update'参数处理缺少充分过滤,提交本地系统文件作为包含对象,可导致以WEB权限查看系统文件内容。 Liquid-Silver CMS Liquid-Silver CMS 0.3 目前没有详细解决方案提供:...
liquidsilver-lfi.txt
Liquid-Silver CMS Local File Inclusion Vulnerabilities http://sourceforge.net/project/showfiles.php?groupid=171166 author : Stack-Terrorist v40 foor read a php file ?update=name of file iwthout php for execute exploit does not write extention of file exploit : /Script/update/index.php?update=/nam...
Liquid-Silver CMS 0.1 (update) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================= Liquid-Silver CMS 0.1 update Local File Inclusion Vulnerability ================================================================= Liquid-Silver CMS Local File Inclusion...
Liquid-Silver CMS 0.1 - update Local File Inclusion
Liquid-Silver CMS 0.1 - update Local File Inclusion Liquid-Silver CMS Local File Inclusion Vulnerabilities http://sourceforge.net/project/showfiles.php?groupid=171166 author : Stack-Terrorist v40 foor read a php file ?update=name of file iwthout php for execute exploit does not write extention of...
Liquid-Silver CMS 0.1 - 'update' Local File Inclusion
Liquid-Silver CMS Local File Inclusion Vulnerabilities http://sourceforge.net/project/showfiles.php?groupid=171166 author : Stack-Terrorist v40 foor read a php file ?update=name of file iwthout php for execute exploit does not write extention of file exploit : /Script/update/index.php?update=/nam...
Unfixed XSS vulnerability at www.liquidlibrary.com
Security researcher kusomiso.com, has submitted on 10/09/2007 a cross-site-scripting XSS vulnerability affecting www.liquidlibrary.com, which at the time of submission ranked 209776 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/09/2007. It...
AWF (Adaptive Website Framework) vuln.
AWF Adaptive Website Framework vuln. Vuln. discovered by : r0t Date: 17 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html vendor:http://www.awf-cms.org affected version:2.10 and prior Product Description: AWF Adaptive Website Framework by Liqu...
CVE-2003-0733
Multiple cross-site scripting XSS vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via 1 a forward instruction to the Servlet container...
Liquid War 5.4.5/5.5.6 - HOME Environment Variable Buffer Overflow
// source: https://www.securityfocus.com/bid/8629/info Liquid War has been reported prone to a buffer overflow condition when handling HOME environment variables of excessive length. The issue presents itself, due to a lack of sufficient boundary checks performed on data contained in the HOME...
CVE-2003-0733
The CVE-2003-0733 entry describes multiple cross-site scripting (XSS) vulnerabilities affecting WebLogic products: WebLogic Integration 7.0/2.0, Liquid Data 1.1, and WebLogic Server/Express 5.1–7.0. The root cause is XSS in the WebLogic Console and related servlet handling, allowing remote attack...