CVE-2012-2251
CVE-2012-2251 affects rssh 2.3.2 (used by Debian, Fedora and others) where, with rsync enabled, local users can bypass restricted shell via the "-e" or "--" options. The issue, per sources, yields partial confidentiality/integrity/availability impact. Fedora addressed this with rssh 2.3.4-1.fc18 ...
Official Debian and Python Wiki Servers Compromised
Administrators of the official Debian and Python project websites confirmed that their wiki servers were recently compromised by unknown hackers. The hackers were able to break in because of several vulnerabilities in the "moin" package. According to Brian Curtin at the Python Project, the hacker used some unknown...
Wordpress Valums Uploader - File Upload Vulnerability
Document Title: Wordpress Valums Uploader - File Upload Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=817. Release Date: 2013-01-04. Vulnerability Laboratory ID (VL-ID): 817...
WordPress Plugin Uploader - Arbitrary File Upload
WordPress Plugin Uploader - Arbitrary File Upload. Source: https://www.securityfocus.com/bid/57112/info. The Uploader plugin for WordPress is prone to an arbitrary file-upload vulnerability because it fails to adequately validate files before uploading them. An attacker may leverage this issue to...
Wordpress Themes- vithy Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications. Wordpress Themes- vithy Arbitrary File Upload Vulnerability. Author = Zikou-16...
Wordpress Themes - Shotzz Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications. Wordpress Themes- Shotzz Arbitrary File Upload Vulnerability. Author = Zikou-16...
Wordpress Themes - yvora Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications. Wordpress Themes- yvora Arbitrary File Upload Vulnerability. Author = Zikou-16...
Wordpress Themes - felici Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications. Wordpress Themes- felici Arbitrary File Upload Vulnerability. Author = Zikou-16...
Wordpress Plugin Spotlight Your Upload Vulnerability
Exploit for php platform in category web applications. INDO-PENDENT HACKER http://thecrowscrew.org Exploit Title: Wordpress Plugins...
phpweb finished website full version through the kill injection vulnerability and fix-vulnerability warning-the black bar safety net
Keywords: inurl:webmall/detail.php?id Data table: pwnbaseadmin About getting a shell: first, log in to the backend admin.php. I analyzed the upload.php source code for an afternoon, and then roughly understood that although the upload only allows four types of files (gif, jpg, png, bmp), but not the file...
UvumiTools Crop 2.0.0 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications. Exploit database separated by exploit type (local, remote, DoS, etc.)...
MyAuth3 - Blind SQL Injection
MyAuth3 - Blind SQL Injection Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit ...
MyAuth3 Blind SQL Injection
Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdotorg | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit is needed to dump system pwd...
QNX qconn Command Execution
This module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not require authentication and allows remote users to execute arbitrary operating system commands. This module has been tested successfully on QNX Neutrino 6.5.0 x86 and 6.5.0 SP1 x86...
GLSA-201209-15 : Asterisk: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201209-15 (Asterisk: Multiple vulnerabilities). Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access (CVE-2012-2186). An error in Asterisk could cause all RTP ports to be exhausted...
Mandrake Linux Security Advisory : cvsweb (MDKSA-2000:019)
Cvsweb contains a hole that provides attackers who have write access to a cvs repository with shell access. Thus, attackers who have write access to a cvs repository but not shell access can obtain a shell. In addition, anyone with write access to a cvs repository that is viewable with cvsweb can...
AST-2012-012: Asterisk Manager User Unauthorized Shell Access
Asterisk Project Security Advisory - AST-2012-012. Product: Asterisk. Summary: Asterisk Manager User Unauthorized Shell Access. Nature of Advisory: Permission Escalation. Susceptibility: Remote Authenticated Sessions. Severity: Minor. Exploits Known: No. Reported On: July 13, 2012. Reported By: Zubair Ashraf of...
CVE-2012-3478
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line...
Design/Logic Flaw
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line...
CVE-2012-3478
Removed by vendor...