4901 matches found
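CMSQLite <= 1.2 c Parameter SQL Injection Vulnerability
CMSQLite is a content management system based on PHP and SQLite. The index.php page of CMSQLite has an SQL injection vulnerability: if(isset($_GET['c'])) $contentId=$_GET['c']; else if ($seourl) { $arrArticleInfo = $SYSTEM->resolveURL($_SERVER['REQUEST_URI'], $langId); if(empty($arrArticleInfo)) $contentId=1; else { $contentId = $arrArticleInfo[0]['articleId']; $module = $arrArticleInfo[0]['module'];...
CMSQLite <= 1.2 mod Parameter Local File Inclusion Vulnerability
CMSQLite is a content management system based on PHP and SQLite. The index.php page of CMSQLite has a local file inclusion vulnerability: /* SET MODULE */ if(isset($_GET['mod'])) $module=$_GET['mod']; else $module="index"; ... if(file_exists("template/".$module.".php")) include "template/".$module.".php"; else include "template/index.php"; By changing the mod URL parameter, arbitrary files on the web server can be included, leading to disclosure of sensitive information....
Bitrac 1.25.0.2500 Personal Blog System Upload Vulnerability
Bitrac official release. Bitrac is a single-user blog application based on ASP.NET 2.0 + SQLite, with built-in URLRewrite and page compression, MetaWeblogAPI support, a custom-written HTML template engine that makes restyling easy, and a fully visual editing environment. First, the Bitrac online upgrade sequence. In the admin backend, request an upgrade: Control.ashx Automat string sCode = SiteFun.RandomStr9; AdmStat.SetLockFilesCode; A randomly named .lock file is generated in the site's Errors directory, and the file name is recorded in Autoset.Cookie + "Lock"...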
PHP 5.2.x < 5.2.14, 5.3.x < 5.3.3 Multiple RCE Vulnerabilities
PHP is prone to multiple remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php";...
CVE-2010-1868
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory...
Code injection
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory...
CVE-2010-1868
CVE-2010-1868 affects PHP 5.2.x (through 5.2.13) and 5.3.x (through 5.3.2). The vulnerability occurs in ext/sqlite/sqlite.c functions sqlite_single_query and sqlite_array_query, where calling with an empty SQL query can trigger access to uninitialized memory, potentially allowing context-dependen...
LightNEasy 3.1.x File Upload / Disclosure / Local File Inclusion
Title: LightNEasy 3.1.x Multiple Vulnerabilities Vendor: http://lightneasy.org/ Dork: "Powered by LightNEasy" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability46.htm...
SQLite Browser v2.0b1 Local DoS Vulnerability
No description provided by source. Exploit Title: SQLite Browser 2.0b1 Local DoS Vulnerability Author: Nishant Das Patnaik Tested on: Windows XP SP2/SP3 x86, Vista x86, Windows 7 x64 Code : A specially crafted SQL file query can cause the application to freeze and finally crash. The bug is th...
SQLite Browser 2.0b1 - Local Denial of Service
Exploit Title: SQLite Browser 2.0b1 Local DoS Vulnerability Author: Nishant Das Patnaik Tested on: Windows XP SP2/SP3 x86, Vista x86, Windows 7 x64 Code : A specially crafted SQL file query can cause the application to freeze and finally crash. The bug is the SQL query processor engine, it...
SQLite Browser v2.0b1 Local DoS Vulnerability
Exploit for unknown platform in category dos / poc. SQLite Browser v2.0b1 Local DoS Vulnerability. Exploit Title: SQLite Browser 2.0b1 Local DoS Vulnerability Author: Nishant Das Patnaik Tested on: Windows X...
SQLite Browser 2.0b1 - Local Denial of Service
SQLite Browser 2.0b1 - Local Denial of Service Exploit Title: SQLite Browser 2.0b1 Local DoS Vulnerability Author: Nishant Das Patnaik Tested on: Windows XP SP2/SP3 x86, Vista x86, Windows 7 x64 Code : A specially crafted SQL file query can cause the application to freeze and finally crash. T...
php 5.2.1 qlite-decode-binary Buffer Overflow Vulnerability
No description provided by source...
SLES11: Security update for libqt4
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: libqt4 libqt4-qt3support libqt4-sql libqt4-sql-sqlite libqt4-x11 More details may also be found by searching for the SuSE Enterprise Server 11 patch database...
SLES10: Security update for PHP5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-mod_php5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-devel php5-dom php5-exif php5-fastcgi php5-ftp php5-gd...
[SECURITY] Fedora 11 Update: rubygem-rails-2.3.2-5.fc11
Rails is a framework for building web applications using CGI, FCGI, mod_ruby, or WEBrick on top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates...