CVE-2007-1743

suexec in Apache HTTP Server httpd 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vend...

CVE-2007-1742

suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...

CVE-2007-1741

Multiple race conditions in suexec in Apache HTTP Server httpd 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that th...

CVE-2007-1914

The RFCSTARTPROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information external RFC server configuration data via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague...

CVE-2007-0625

nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service...

Buffer overflow

Buffer overflow in the SMBConnectServer function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMBHandleType instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that...

CVE-2007-0080

Buffer overflow in the SMBConnectServer function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMBHandleType instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that...

CVE-2007-0080

Buffer overflow in the SMBConnectServer function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMBHandleType instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that...

CVE-2007-0080

Buffer overflow in the SMBConnectServer function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMBHandleType instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that...

GLSA-200611-05 : Netkit FTP Server: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200611-05 Netkit FTP Server: Privilege escalation Paul Szabo reported that an incorrect seteuid call after the chdir function can allow an attacker to access a normally forbidden directory, in some very particular circumstances, f...

Hacking tutorials series of micro-PHP Trojan explore-exploit warning-the black bar safety net

This article is nothing special, only required to initiate it. And gave and I did the dishes in PHP the door and wandering friend. Just learning PHP in a few days, I would rush to work, so there are errors and inadequacies Please a positive note. PHP syntax powerful is ASP in the dust, only one:...

FreeBSD : twiki -- multiple file extensions file upload vulnerability (a876df84-0fef-11db-ac96-000c6ec775d9)

A TWiki Security Alert reports : The TWiki upload filter already prevents executable scripts such as .php, .php1, .phps, .pl from potentially getting executed by appending a .txt suffix to the uploaded filename. However, PHP and some other types allows additional file suffixes, such as .php.en,...

twiki -- multiple file extensions file upload vulnerability

A TWiki Security Alert reports: The TWiki upload filter already prevents executable scripts such as .php, .php1, .phps, .pl from potentially getting executed by appending a .txt suffix to the uploaded filename. However, PHP and some other types allows additional file suffixes, such as .php.en,...

FreeBSD : coppermine -- Multiple File Extensions Vulnerability (0b628470-e9a6-11da-b9f4-00123ffe8333)

Secunia reports : Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload...

Ubuntu 5.04 / 5.10 : mysql-dfsg vulnerability (USN-274-2)

USN-274-1 fixed a logging bypass in the MySQL server. Unfortunately it was determined that the original update was not sufficient to completely fix the vulnerability, thus another update is necessary. We apologize for the inconvenience. For reference, these are the details of the original USN : A...

CVE-2003-1297

Easy File Sharing EFS Web Server 1.2 stores the 1 option.ini aka options.ini file and 2 log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration,...

Test both the JSP environment the following security vulnerabilities-vulnerability warning-the black bar safety net

Author: xy7BCT The first test JSP program vulnerabilities, to be exact is a server poor configuration leading to security risks, wrong place hope everyone noted it!!! Previously in some articles on the see on the JSP site storm any files of the original code of the vulnerability, and today finall...

Information disclosure

U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password...

Technical Note by Amit Klein: "XST Strikes Back"

Technical note XST Strikes Back or perhaps "Return from the Proxy"... Amit Klein, January 2006 Introduction ============ About three years ago, the concept of "Cross Site Tracing" 1 was introduced to the web application security community. In essence, the classic XST is about amplifying an existi...

ListManager < 8.9b Multiple Vulnerabilities

The remote host appears to be running ListManager, a web-based commercial mailing list management application from Lyris. The version of ListManager installed on the remote host is affected by a number of input validation flaws. An unauthenticated attacker may be able to exploit these issues to...