3750 matches found
DSA-2408-1 php5 - several
Bulletin has no description...
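PHP 'magic_quotes_gpc' Security Bypass Vulnerability (CVE-2012-0831)
Bugtraq ID: 51954 CVE ID: CVE-2012-0831 PHP has a security vulnerability that allows magic_quotes_gpc to be disabled remotely, which allows remote attackers to bypass restrictions that prevent SQL injection. 0 PHP 5.3.8 PHP 5.3.7 PHP 5.3.6 PHP 5.3.2 PHP 5.2.4 PHP 5.3.5 PHP 5.3.4 PHP 5.3.3 Vendor solution: Users can refer to the following vendor-provided security advisory for patch information: https://bugs.php.net/bug.php?id=61043...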
Trixd00r v0.0.1 - An Invisible TCP/IP based backdoor for UNIX systems
Trixd00r v0.0.1 - An Invisible TCP/IP based backdoor for UNIX systems NullSecurity Team Releases "Trixd00r v0.0.1" an advanced and invisible TCP/IP based userland backdoor for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magi...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1358-1)
It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. CVE-2011-4885 ATTENTION: this update changes previous PHP...
Fedora 15 : phpMyAdmin-3.4.9-1.fc15 (2011-17370)
Changes 3.4.9.0 2011-12-21 : - edit Inline editing enum fields with null shows no dropdown - interface DB suggestion not correct for user with underscore - core Magic quotes removed in PHP 5.4 - session No feedback when result is empty signon authtype - display Problems regarding ShowTooltipAlias...
Multiple vulnerabilities in OBM
No description provided by source. Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinobm.html Product: OBM Vendor: obm.org http://obm.org Vulnerable Version: 2.4.0-rc13 and probably prior Tested Version: 2.4.0-rc13 Vendor Notification: 30 November 2011 Vulnerability Type: XSS,...
BIWEB bugs and fixes-vulnerability warning-the black bar safety net
BIWEB PHP open source enterprise built Station system bug fixed version, 1. Pass to kill the contains /wap/detail.php, X, X... $objWebInit = new wap; if empty$GET'page' $intPage = 1 ; else $intPage = intval$GET'page'; if empty$GET'cpage' $intCPage = 1 ; else $intCPage = intval$GET'cpage'; if !...
VtigerCRM 5.2.1 Local File Inclusion
Vulnerability ID: HTB23054 Reference: https://www.htbridge.ch/advisory/localfileinclusioninvtigercrm.html Product: VtigerCRM Vendor: vtiger.com http://www.vtiger.com Vulnerable Version: 5.2.1 and probably prior Tested Version: 5.2.1 Vendor Notification: 19 October 2011 Vulnerability Type: Local...
Upload vulnerability filepath variable\0 0 truncation-vulnerabilities and early warning-the black bar safety net
POST /coin/upload. asp? action=upfile HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd. ms-excel, application/vnd. ms-powerpoint, application/msword, / Referer: Recently phpwind contains a vulnerability that Diamondback always...
CVE-2009-5090
SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors...
WordPress Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Super CAPTCHA plugin = 2.2.4 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/super-capcha.2.2.4.zip Version: 2.2.4 tested...
WordPress Plugin Super CAPTCHA 2.2.4 - SQL Injection
Exploit Title: WordPress Super CAPTCHA plugin Accounts Flagged'; for$i=0;$iusers ." SET spam='1' WHERE ID='". $UIDs$i ."'"; mysqlquery"UPDATE ". $wpdb-users ." SET userstatus='1' WHERE ID='". $UIDs$i ."'"; echo'USER ID: '. $UIDs$i .' marked as spammer.';...
About Dedecms variable coverage exploits-vulnerability warning-the black bar safety net
Someone recently broke the dedecms variable coverage holes, it is also a quite interesting vulnerability, and in some cases dedecms this variable vulnerability to exist for so long in some people are many years, about six months ago I also independently discovered by this article [email protected] Write ...
WeBid <= 1.0.2 (converter.php) Remote Code Execution Exploit
Exploit for php platform in category web applications checkmysql$res, $query, LINE, FILE; 157. $itemtitle = mysqlresult$res, 0, 'title'; Input passed through $REQUEST'auctionid' isn't properly sanitised before being used in the SQL query at line 154. - Vulnerable code to SQL injection works with...
Nmap NSE net: http-php-version
Attempts to retrieve the PHP version from a web server. PHP has a number of magic queries that return images or text that can vary with the PHP version. This script uses the following queries: '/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42': gets a GIF logo, which changes on April Fool's Day...
dalYlak Cms SQLInjection Vulnerability
Exploit for php platform in category web applications + Exploit Title: dalYlak Cms SQLInjection Vulnerability + Author : Net.Edit0r + Data : 2011-04-26 + E-mail : email protected + Home : http://security-war.com and Black-hg.com + dork : "Powred by dalYlak.com" + Versian : All Ver + Category : We...
PHP 5.3.2 and 5.3.3 magic_quote SQL injection bypass
No description provided by source...
Eircom Netopia Router Backdoor
++++++++++++++++++++ FULL DISCLOSURE OF EIRCOM NETOPIA ROUTER BACKDOOR VULNERABILITY! Yes, failcom suck, and they did it again. DERP! They gave us a nice TELNET shell into their routers, and now we can mess about 'cos it spawns a root shell by magic! and magic is the actual command! They also lef...
'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099)
'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & local file deletion due to null-byte attacks...
Quick Polls 1.0.1 Local File Inclusion / Deletion
'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & local file deletion due to null-byte attacks...