113 matches found
HP SiteScope Log Analysis Tool Remote Privilege Escalation (uncredentialed check)
The HP SiteScope application running on the remote host is affected by a privilege escalation vulnerability due to a failure to restrict the log path within the Log Analysis Tool. A remote, authenticated attacker can exploit this flaw to read the 'users.config' file, allowing an attacker to...
Hewlett-Packard SiteScope Log Analyzer Privilege Escalation Vulnerability
This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowi...
Pimcore /misc/http-error-log _dc SQL Injection Vulnerability
Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. Pimcore /misc/http-error-log fails to properly handle the 'dc' GET parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain databa...
PT-2015-4555 · Red Hat · Redhat-Access-Plugin
Name of the Vulnerable Software and Affected Versions: Red Hat redhat-access-plugin versions prior to 6.0.3 for OpenStack Dashboard horizon Description: The issue allows remote attackers to read arbitrary files via a crafted path in the log-viewing function. Recommendations: For versions prior to...
CVE-2014-2009
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log...
OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
The unpacker::redirectstdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite...
PHP local file inclusion(LFI)exploit-vulnerability warning-the black bar safety net
This study main references are: http://downloads.ackack.net/LocalFileInclusion.pdf Experimental code: If you are on linux, be submitted directly to: test. php? for=/etc/passwd%0 0 to display the file. ? php include$GET'for'.‘. php’;//for testing local include vulnerability ?& gt; If it is on win,...
WhiteCat logcleaner version 1.0 [edition]
Данная утилита предназначена для системных администраторов для: 1. Контроля размера лог-файлов на сервере 2. Для проверки на уязвимость своего сервера на возможность доступа к лог-файлам сервера Любое иное использование скрипта преследуется по закону Клинеры все эти конечно круто, но во многих по...
Mandriva Update for mailgraph MDVA-2010:206 (mailgraph)
Check for the Version of mailgraph OpenVAS Vulnerability Test Mandriva Update for mailgraph MDVA-2010:206 mailgraph Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Syzygy CMS 0.3 - Local File Inclusion SQL Injection
Syzygy CMS 0.3 - Local File Inclusion SQL Injection !/usr/bin/perl Web App : Syzygy CMS 0.3 Link : http://sourceforge.net/project/downloading.php?groupid=103298&usemirror=heanet&filename=syzygycms-0.3.tar.gz&a=89932245 Remote Command Execution Exploit : Case 1: If LFI works, exploitation via Shel...
Bloginator v1a SQL Command Injection via Cookie Bypass Exploit
No description provided by source. Author = FireShot , Jacopo Vuga. Thx to = Osirys for develop the Exploitation Code with me Mail = fireshotatautisticidotorg / osirysatautisticidotorg Vulnerability = SQL Command Injection mq = off Software = Bloginator V1A Download =...
Graugon Forum 1 - id Command Injection SQL Injection
Graugon Forum 1 - id Command Injection SQL Injection !/usr/bin/perl |--------------------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS |...
phpMyAgenda 3.1 - '/templates/header.php3' Local File Inclusion
!/usr/bin/perl use IO::Socket; use LWP::Simple; print "\n"; print "\n"; print " \n"; print " phpMyAgenda "; $socket = IO::Socket::INET-newProto="tcp", PeerAddr="$host", PeerPort="80" or die " Could not connect to host.\n\n"; print $socket "GET ".$path.$CODE." HTTP/1.1\r\n"; print $socket...