Lucene search
K

2198 matches found

Prion
Prion
added 2007/04/16 10:19 p.m.15 views

Directory traversal

Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. dot dot in the resource parameter...

5CVSS7.1AI score0.03828EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2007/04/16 10:0 p.m.55 views

CVE-2007-2048

CVE-2007-2048 affects webMethods Glue prior to and including 6.5.1, specifically the Management Console’s /console. The vulnerability arises from insufficient validation of the resource parameter, allowing a directory traversal via .. to read arbitrary server files. Impact is reading sensitive fi...

5CVSS6.7AI score0.03828EPSS
Exploits1References9Affected Software1
seebug.org
seebug.org
added 2007/03/21 12:0 a.m.22 views

LedgerSMB/SQL-Ledger login本地文件包含和验证绕过漏洞

SQL-Ledger/LedgerSMB是开源的ERP系统。 SQL-Ledger/LedgerSMB不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是'am.pl'脚本对用户提交的'login'参数缺少过滤,提交恶意脚本代码作为参数数据,并诱使用户访问,可导致获得目标用户敏感信息。 SQL-Ledger SQL-Ledger 2.6.26 SQL-Ledger SQL-Ledger 2.6.25 SQL-Ledger SQL-Ledger 2.6.21 SQL-Ledger SQL-Ledger 2.6.19 SQL-Ledger SQL-Ledge...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/02/20 12:0 a.m.15 views

Microsoft Internet Explorer 6 - Local File Access

Microsoft Internet Explorer 6 - Local File Access source: https://www.securityfocus.com/bid/22621/info Microsoft Internet Explorer is reportedly prone to multiple local file-access weaknesses because the application fails to properly handle HTML tags. These issues are triggered when an attacker...

Exploits0
securityvulns
securityvulns
added 2007/02/12 12:0 a.m.43 views

[Full-disclosure] Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I - TITLE Security advisory: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise II - SUMMARY Description: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise Author: Sebastian...

1.5AI score
Exploits0
RubySec
RubySec
added 2007/01/22 12:0 a.m.19 views

CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files

The extractfiles function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...

9.3CVSS8AI score0.04826EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2007/01/20 12:0 a.m.46 views

avm-traversal.txt

Description The "AVM IGD CTRL Service", a Universal Plug and Play UPNP service for windows, which is part of the software package "Fritz!DSL Software 02.02.29" provides the possibility to read any file on the windows system partition for any user - no matter how much restricted rights the user...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/01/17 12:0 a.m.30 views

Total Commander任意文件删除漏洞

Total Commander是一款磁盘文件管理软件。 Total Commander存在输入验证错误,本地攻击者可以利用漏洞删除任意系统文件。 问题是Total Commander处理恶意构建的RAR文件存在问题,由于输入验证问题,可导致删除或者破坏系统文件,造成拒绝服务攻击。 Total Commander Total Commander 升级程序: Total Commander Total Commander 0 Total Commander Total Commander 6.56 http://www.ghisler.com/download.htm...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/16 12:0 a.m.26 views

Php Download Download.PHP目录遍历漏洞

Php Download是一款基于PHP的WEB应用程序,如提供下载管理。 Php Download不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限查看系统文件内容。 问题是由于'Download.PHP'脚本对用户提交的WEB参数缺少过滤,提交包含多个"../"字符作为参数数据,可绕过WEB ROOT限制,以WEB进程权限查看系统文件内容。 Php download http://www.threesquared.net/index.php?page=portfolio&i=dllscript...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/08 12:0 a.m.97 views

PHPBB2多个本地文件包含漏洞

PHPBB2是一款基于PHP的论坛程序。 PHPBB2不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞以WEB进程权限查看系统文件内容。 问题是多个脚本对用户提交的WEB参数缺少过滤,提交包含多个"../"字符作为参数数据,可绕过WEB ROOT限制,以WEB进程权限查看系统文件内容。 phpBB2 phpBB2 Plus 2.0.13 + phpBB Group phpBB 2.0.13 + phpBB Group phpBB 2.0.12 http://www.phpbb2.de/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/27 12:0 a.m.27 views

Mac OS X Panther Internet Connect Local Root Exploit

No description provided by source. Date: 25.07.2004 Author: B-r00t. 2004. Email: B-r00t br00t blueyonder co uk Vendor: Apple Operating System: OSX Panther Possibly Previous Versions. Application: Internet Connect.app Tested: Panther 10.3.4 Internet Connect v1.3 Problem: Internet Connect allows an...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/27 12:0 a.m.26 views

Adobe Version Cue 1.0/1.0.1 Local Root Exploit (OSX)

No description provided by source. !/usr/bin/perl Adobe Version Cue VCNativeOSX: local root exploit. by: vade79/v9 [email protected] fakehalo/realhalo Adobe Version Cue's VCNative program writes data to a log file in the current working directory while running as setuid root. the logfile is formated...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/27 12:0 a.m.18 views

IBM AIX cfgmgr工具本地权限提升及任意文件覆盖漏洞

IBM AIX是一款商业性质的UNIX操作系统。 AIX的cfgmgr工具的实现上存在缓冲区漏洞,本地攻击者可能利用此漏洞提升权限或导致文件覆盖。 如果system组的用户提交了大于长度2K的目录路径字符串做为参数的话,就会触发这个漏洞,导致覆盖任意系统文件或以root用户权限执行任意指令。 IBM AIX 5.3 IBM AIX 5.2 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: ftp://aix.software.ibm.com/aix/efixes/security/cfgmgrifix.tar.Z...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2006/08/27 12:0 a.m.21 views

ipcheck.txt

Directory Traversal vulnerability in IPCheck Monitor Server -------------------------------------- Overview A directory traversal vulnerability has been identified in IPCheck Server Monitor Free/Trial/Professional, which may be exploited by potential attackers to retrieve files from the underlyin...

7.4AI score
Exploits0
Symantec
Symantec
added 2006/07/27 8:0 a.m.17 views

Symantec Brightmail AntiSpam Multiple Vulnerabilities

SUMMARY Multiple vulnerabilities have been reported in Symantec Brightmail AntiSpam. Confidential system information can be read or modified by combining these issues. Risk Impact Medium Remote | Yes ---|--- Local | No Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS...

Exploits0Affected Software1
securityvulns
securityvulns
added 2006/06/28 12:0 a.m.45 views

Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)

Luigi Auriemma Application: Quake 3 engine http://www.idsoftware.com http://www.icculus.org/quake3/ Versions: Quake 3 = 1.32c Icculus.org Quake 3 = revision 803 other derived projects Games: exist many games which use the Quake 3 engine and probably they are all vulnerable but I'm not able and ha...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2006/05/02 12:0 a.m.33 views

X7 Chat <= 2.0 (help_file) Remote Commands Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "X7 Chat =2.0 "helpfile" arbitrary local inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "- works regardless of magicquotesgpc settings\r\n"; echo " if avatar...

7.1AI score
Exploits0
NVD
NVD
added 2006/03/22 2:2 a.m.11 views

CVE-2006-1355

avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files...

7.2CVSS6.6AI score0.00388EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/03/22 2:0 a.m.17 views

CVE-2006-1355

avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files...

6.6AI score0.00388EPSS
Exploits0References6
securityvulns
securityvulns
added 2006/03/08 12:0 a.m.30 views

[Full-disclosure] capi4hylafax insecure manipulation with tmp files

capi4hylafax suite http://freshmeat.net/projects/capi4hylafax/ is addon for hylafax fax server http://www.hylafax.org/ vulnerable: capi4hylafax-01.03.00 /probably others/ in capi4hylafax-01.03.00/src/faxrecv/faxrecv.cpp : ifdef GENERATEDEBUGSFFDATAFILE dwarning DebugSffDataFile == 0; if...

0.8AI score
Exploits0
Rows per page
Query Builder