703 matches found
Users can be tricked into uploading unexpected files – Opera Security Advisories
Users can be tricked into uploading unexpected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description Plug-ins may be used to seed the system clipboard with paths to a target file, while the user may not expect that to be the contents of the clipboard. If th...
PHP File Sharing System v1.5.1 Multiple Vulnerabilities
No description provided by source. Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1 XSS http://192.168.1.149/fss/index.php?cam= 2 Directory traversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3 Shell...
Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12395. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright ...
Network penetration: copying the SAM file - a vulnerability warning - the black bar safety net
First: use WinHex, go to disk edit, then enter c:\windows\system32\config and copy the SAM and SYSTEM files to any directory. Second: use ice edge to copy the SAM and SYSTEM files directly from c:\windows\system32\config to any directory. Summary The following easy...
Fedora 10 : php-pear-Mail-1.1.14-5.fc10 (2009-12439)
Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape the content of mail header fields when using the sendmail backend. A remote attacker could send an email message with specially crafted headers to a local user, leading to disclosure of content and potentially, to modification...
PulseAudio (setuid) Priv. Escalation Exploit (ubu/9.04)(slack/12.2.0)
No description provided by source. PulseAudio setuid Local Privilege Escalation Vulnerability http://www.securityfocus.com/bid/35721 Credit for discovery of bug: Tavis Ormandy, Julien Tinnes and Yorick Koster -- Put files in /tmp/pulseaudio-exp or change config.h. Must be on same fs as the...
Adobe Shockwave Player Detection (Windows SMB Login)
Detects the installed version of Adobe Shockwave Player on Windows. The script logs in via SMB, searches for Adobe Shockwave Player in the registry, and gets the version. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright C...
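Coppermine Photo Gallery 'lang' Cookie Parameter Local File Inclusion Vulnerability
Bugtraq ID: 30480 CNCAN ID:CNCAN-2009052002 Coppermine Photo Gallery is a web-based photo gallery application. Coppermine Photo Gallery does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to view the contents of system files with web privileges. The parameter passed to "GLOBALSUSERlang" is not properly filtered before it is used to include a file, so a specially crafted request can be submitted to view the contents of system files with web privileges. Coppermine Photo Gallery 1.4.22 Coppermine Photo Gallery 1.4.21 Coppermine Photo Gallery...
Sun Java System Portal Server Remote File Disclosure Vulnerability
Sun Java System Portal Server is a web information center system used for collaboration and for providing information services. The Web Console component of Sun Java System Portal Server has a vulnerability in how it handles user requests, which a remote attacker may exploit to gain unauthorized access to system files. Sun Java System Portal Server 7.2 Sun Java System Portal Server 7.1 Sun --- Sun has released a security bulletin (243886) and corresponding patches for this issue: 243886:Security Vulnerability Related to Sun Java...
Debian xmcd Insecure Temporary File Creation Vulnerability
BUGTRAQ ID: 32288 CVE ID:CVE-2008-4994 CNCVE ID:CNCVE-20084994 Debian is a Linux distribution. Debian 'xmcd' creates temporary files insecurely, and a local attacker can exploit the vulnerability to corrupt system files, causing a denial of service. The problem is that temporary files are created insecurely in the /tmp directory; through a symbolic link, target system files can be overwritten with the privileges of the user's process, causing a denial of service and possibly privilege escalation. Debian xmcd 2.6 -19.3 Upgrade to the latest version: http://packages.debian.org/lenny/xmcd...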
pppblog-disclose.txt
pppBlog = 0.3.11 randompic.php System File Disclosure Vulnerability url: http://sourceforge.net/projects/pppblog/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Auth...
pppBlog 0.3.11 - File Disclosure
pppBlog 0.3.11 - File Disclosure pppBlog = 0.3.11 randompic.php System File Disclosure Vulnerability url: http://sourceforge.net/projects/pppblog/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational...
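Epic Games Unreal Tournament 3 UT3 WebAdmin Directory Traversal Vulnerability
BUGTRAQ ID: 31272 CNCAN ID:CNCAN-2008092305 Unreal Tournament 3 UT3 is a game based on the Unreal engine that includes an internal web server. The administrator interface included in Unreal Tournament 3 UT3 does not properly filter user input, and a remote attacker can exploit the vulnerability to view the contents of files outside the web root with web privileges. Submitting a request like the following bypasses the web root restriction and allows system file contents to be viewed with web privileges: GET /images/../../UTGame/Config/UTGame.INI HTTP/1.0 Host: localhost Epic Games UT3...
Amarok 'MagnatuneBrowser::listDownloadComplete()' Insecure Temporary File Creation Vulnerability
BUGTRAQ ID: 30662 CNCAN ID:CNCAN-2008081412 Amarok is a music player for Linux/Unix platforms. Amarok handles temporary files insecurely, and a local attacker can exploit the vulnerability to corrupt system files through a symlink attack. The problem lies in the 'MagnatuneBrowser::listDownloadComplete' function: because temporary files are created insecurely, an attacker can use a symbolic link to overwrite arbitrary files on the system with the privileges of the user's process, causing a denial of service or privilege escalation. Amarok 1.4.9 1 No solution is currently available: http://amarok.kde.org/...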
CMS little (index.php template) Local File Inclusion Vulnerability
No description provided by source. CMS little index.php template Local File Inclusion Vulnerability...
CMS little (index.php template) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications CMS little index.php template Local File Inclusion Vulnerability...
Galmeta Post CMS 0.2 Multiple Local File Inclusion Vulnerabilities
No description provided by source. Galmeta Post CMS Multiple Local File Inclusion Vulnerabilities...
Keller Web Admin CMS 0.94 Pro - Local File Inclusion (1)
Keller Web Admin CMS 0.94 Pro - Local File Inclusion 1 Keller Web Admin CMS Local File Inclusion Vulnerability...
Keller Web Admin CMS 0.94 Pro Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications Keller Web Admin CMS 0.94 Pro Local File Inclusion Vulnerability...
thaiquickcart-lfi.txt
ThaiQuickCart COOKIE:sLanguage Local File Inclusion Vulnerability CWH Underground...