643 matches found
PostNuke 0.7x - Install Script Administrator Password Disclosure
PostNuke 0.7x - Install Script Administrator Password Disclosure source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the...
artmedic_links5 PHP Script (include path) vuln
There's a possilbity of looking at files with apache priviliges using artmediclinks5 php script. http://www.artmedic-phpscripts.de/artmediclinks.php. Vulnerability include path is in index.php, standard use: hostname/artmediclinks5/index.php?id=file or index.php?id=url I noticed there's a lot of...
Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure
Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure source: https://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web...
EXP_OmniHTTPd.BAT
EXPOmniHTTPd.BAT @echo off :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :Application: OmniHTTPd :Vendors: http://www.omnicron.ca :Version: 0xE0 f 117 206 41 !JMPESP@w2k e 207 12 45 FA 7F !Shellcode e 20B EB 1B 5B BE 43 6F 6F 6C BF 49 43 45 21 43 39 3B e 21B 75 FB 4B 80 3...
cobain-monit.pl
!/usr/bin/perl cobain-monit.pl monit \n\n"; exit0; print "HOST:\t$ARGV0\n"; print "PORT:\t2812\n"; my $buffer = "B" x 284 . "\xcf\x89\xb3\x40" . $shellcode; esp mandrake 9.1 my $buffer = "A" x 284 . "XXXX" . "B" x 100; dos and debug print "connecting to server...\n"; $socket = IO::Socket::INET -...
FVWM 2.4.172.5.8 - fvwm_make_browse_menu.sh Scripts Command Execution
FVWM 2.4.172.5.8 - fvwmmakebrowsemenu.sh Scripts Command Execution source: https://www.securityfocus.com/bid/9922/info It has been reported that the FVWM fvwmmakebrowsemenu.sh script is prone to a command execution vulnerability. This issue is due to the script allowing a user to define which...
Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external...
Andys PHP Projects Man Page Lookup Script - Information Disclosure
Andys PHP Projects Man Page Lookup Script - Information Disclosure source: https://www.securityfocus.com/bid/9395/info A problem in the handling of user-supplied input by Andy's PHP Projects Man Page Lookup script has been reported. Because of this, it is possible for an attacker to gain...
Andy's PHP Projects Man Page Lookup Script - Information Disclosure
source: https://www.securityfocus.com/bid/9395/info A problem in the handling of user-supplied input by Andy's PHP Projects Man Page Lookup script has been reported. Because of this, it is possible for an attacker to gain unauthorized access to sensitive information on a system...
CVE-2003-1531
Cross-site scripting XSS vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...
SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure
The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to launch more effective attacks against the remote server. %NASLMINLEVEL 70300 This script written by Scott Shebby 12/2003 See the Nessus Scrip...
CVE-2002-1564
Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability...
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
The remote host is running Ultimate PHP Board UPB. There is a flaw in this version which may allow an attacker to execute arbitrary code on this host, by sending a malformed user-agent which contains PHP commands. Once the user-agent has been sent, it is stored in the logs. When the administrator...
CVE-2001-1296
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...
CVE-2002-0513
The PHP administration script in poppermod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator...
SimpleChat Information Disclosure
It is possible to retrieve list of users currently connected to the remote SimpleChat server by requesting the file 'data/usr'. An attacker may use this flaw to obtain the IP address of every user currently connected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date: 20 Mar 2003...
WihPhoto sendphoto.php Traversal Arbitrary File Access
It is possible to make the remote host mail any file contained on its hard drive by using a flaw in WihPhoto's 'util/email.php' script. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Refs: http://www.frog-man.org/tutos/WihPhoto.txt From: "Frog Man" To: [email protected] Subject:...
D-Forum 1 - 'header' Remote File Inclusion
source: https://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some circumstances, it is possible for remote...
CVE-2002-1986
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot "."...
CVE-2002-1361
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP Security Hardening Patch installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter...