643 matches found

myhack58
added 2006/01/09 12:0 a.m., 10 views

The Central People's Government portal gov. cn small BUG-vulnerability warning-the black bar safety net

To view the source file. Didn't find the asp. Home like The are htm. Then just find a link http://www.gov.cn/banshi/wjrs/lssf.htm. There is a search, I see the source of the file also didn't find the action words. It seems like there is a jsp links later found. And then enterscriptalert"wolf...

AI score: 7.1
Exploits: 0
Packet Storm
added 2005/12/14 12:0 a.m., 20 views

flat.txt

Description: A PHP Website Engine not using any database. Support for different languages. Using the directory-structure for menue creation. Directory names are the menue topicscategories, filenames beneath are menue items. XHTML compliant. Supports Modules like P version: flatCMS 1.01 vendor:...

AI score: 7.4
Exploits: 0
exploitpack
added 2005/09/17 12:0 a.m., 7 views

CuteNews 1.4.0 - Shell Injection Remote Command Execution

CuteNews 1.4.0 - Shell Injection Remote Command Execution ?php cutenxpl.php CuteNews 1.4.0possibly prior versions remote code execution by rgod site: http://rgod.altervista.org usage: launch form Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with th...

AI score: 0.3
Exploits: 0
securityvulns
added 2005/08/19 12:0 a.m., 67 views

Zorum 3.5 remote code execution poc exploit

Zorum 3.5 remote code execution poc exploit software: description: Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution. author site: http://zorum.phpoutsourcing.com/ 1...

AI score: 8.7
Exploits: 0
Tenable Nessus
added 2005/07/27 12:0 a.m., 393 views

Community Link Pro login.cgi file Parameter Arbitrary Command Execution

The remote host is running Community Link Pro, a web-based application written in Perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'login.cgi' script of shell metacharacters before using it to run a command. An unauthenticated attacker can...

CVSS: 7.5, AI score: 6.1, EPSS: 0.02883
Exploits: 1, References: 2
0day.today
added 2005/06/14 12:0 a.m., 15 views

ViRobot Advanced Server 2.0 (addschup) Remote Cookie Exploit

Exploit for linux platform in category remote exploits ============================================================ ViRobot Advanced Server 2.0 addschup Remote Cookie Exploit ============================================================ !/usr/bin/perl ViRobot 2.0 remote cookie exploit - ala addsch...

AI score: 7.1
Exploits: 0
CVE
added 2005/05/27 4:0 a.m., 45 views

CVE-2004-2113

BremsServer 1.2.4 is affected by an XSS vulnerability that allows a remote attacker to inject arbitrary web script or HTML via the URL. The impact is partial integrity violation with no confidentiality or availability impact as per the CVE metrics; no specific exploit details or patches are provi...

CVSS: 4.3, AI score: 6, EPSS: 0.00783
Exploits: 1, References: 6, Affected Software: 1
exploitpack
added 2005/03/17 12:0 a.m., 10 views

McNews 1.x - install.php Arbitrary File Inclusion

McNews 1.x - install.php Arbitrary File Inclusion source: https://www.securityfocus.com/bid/12835/info mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'install.php' script. This...

AI score: 0.3
Exploits: 0
Tenable Nessus
added 2005/03/07 12:0 a.m., 107 views

Stadtaus PHP Form Mail formmail.inc.php Remote File Inclusion

There is a version of Form Mail Script, a PHP script by Ralf Stadtaus, installed on the remote host that suffers from a remote file include vulnerability involving the 'scriptroot' parameter of the 'inc/formmail.inc.php' script. By leveraging this flaw, an attacker may be able to view arbitrary...

CVSS: 7.5, AI score: 5.9, EPSS: 0.02091
Exploits: 1, References: 3
securityvulns
added 2005/03/01 12:0 a.m., 25 views

[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities

SIG^2 Vulnerability Research Advisory RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities by Tan Chew Keong Release Date: 01 Mar 2005 ADVISORY URL http://www.security.org.sg/vuln/raidenhttpd1132.html SUMMARY RaidenHTTPD Server http://www.raidenhttpd.com/en/index.html is a...

AI score: 1.1
Exploits: 0
Tenable Nessus
added 2005/01/29 12:0 a.m., 11 views

CoolForum Multiple SQL Injections

The version of CoolForum, a bulletin-board application written in PHP, installed on the remote host fails to sanitize input to several parameters to scripts in the 'admin' directory before using it in database queries. An attacker could leverage these issues to manipulate SQL queries or attack th...

AI score: 5.9
Exploits: 0
Gentoo Linux
added 2005/01/25 12:0 a.m., 70 views

AWStats: Remote code execution

Background AWStats is an advanced log file analyzer and statistics generator. Description When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin rawlog was not...

CVSS: 7.5, AI score: 6.9, EPSS: 0.91976
Exploits: 11
NVD
added 2004/12/31 5:0 a.m., 12 views

CVE-2004-2200

Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via the message text...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00498
Exploits: 1, References: 4
Tenable Nessus
added 2004/09/29 12:0 a.m., 23 views

Debian DSA-033-1 : analog - buffer overflow

The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except of version 4.16. A malicious user could use an ALIAS command to construct very long strings which were not checked for length and boundaries. This bug is particularly dangerous if the form...

CVSS: 10, AI score: 5.8, EPSS: 0.04972
Exploits: 0, References: 2
securityvulns
added 2004/09/06 12:0 a.m., 34 views

FUll Path Disclosure in YABBSE

ECHOADV05$2004 --------------------------------------------------------------------------- FUll Path Disclosure in YABBSE --------------------------------------------------------------------------- Author: y3dips Date: August, 25th 2004 Location: Indonesia, Jakarta Web:...

AI score: 6.7
Exploits: 0
Gentoo Linux
added 2004/09/02 12:0 a.m., 13 views

Gallery: Arbitrary command execution

Background Gallery is a PHP script for maintaining online photo albums. Description The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...

CVSS: 7.5, AI score: 6.8, EPSS: 0.14066
Exploits: 1
Tenable Nessus
added 2004/08/20 12:0 a.m., 14 views

Hosting Controller Multiple Script Arbitrary Directory Browsing

Binary data 1701.prm...

CVSS: 6.4, AI score: 7.3, EPSS: 0.01049
Exploits: 1, References: 3
Tenable Nessus
added 2004/08/20 12:0 a.m., 9 views

Hosting Controller Multiple Script Arbitrary Directory Browsing

Binary data 1696.prm...

CVSS: 5, AI score: 7.3, EPSS: 0.00769
Exploits: 1, References: 2
Packet Storm
added 2004/07/28 12:0 a.m., 28 views

IRM Security Advisory 9

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- IRM Security Advisory No. 009 RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities Vulnerablity Type / Importance: Network Subversion, Open Proxy, Brute-For...

AI score: 0.5
Exploits: 0
Exploit DB
added 2004/07/24 12:0 a.m., 25 views

PostNuke 0.7x - Install Script Administrator Password Disclosure

source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an...

AI score: 7.4
Exploits: 0