2198 matches found
Directory traversal
Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. dot dot in the resource parameter...
CVE-2007-2048
CVE-2007-2048 affects webMethods Glue prior to and including 6.5.1, specifically the Management Console’s /console. The vulnerability arises from insufficient validation of the resource parameter, allowing a directory traversal via .. to read arbitrary server files. Impact is reading sensitive fi...
LedgerSMB/SQL-Ledger login本地文件包含和验证绕过漏洞
SQL-Ledger/LedgerSMB是开源的ERP系统。 SQL-Ledger/LedgerSMB不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是'am.pl'脚本对用户提交的'login'参数缺少过滤,提交恶意脚本代码作为参数数据,并诱使用户访问,可导致获得目标用户敏感信息。 SQL-Ledger SQL-Ledger 2.6.26 SQL-Ledger SQL-Ledger 2.6.25 SQL-Ledger SQL-Ledger 2.6.21 SQL-Ledger SQL-Ledger 2.6.19 SQL-Ledger SQL-Ledge...
Microsoft Internet Explorer 6 - Local File Access
Microsoft Internet Explorer 6 - Local File Access source: https://www.securityfocus.com/bid/22621/info Microsoft Internet Explorer is reportedly prone to multiple local file-access weaknesses because the application fails to properly handle HTML tags. These issues are triggered when an attacker...
[Full-disclosure] Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I - TITLE Security advisory: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise II - SUMMARY Description: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise Author: Sebastian...
CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files
The extractfiles function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...
avm-traversal.txt
Description The "AVM IGD CTRL Service", a Universal Plug and Play UPNP service for windows, which is part of the software package "Fritz!DSL Software 02.02.29" provides the possibility to read any file on the windows system partition for any user - no matter how much restricted rights the user...
Total Commander任意文件删除漏洞
Total Commander是一款磁盘文件管理软件。 Total Commander存在输入验证错误,本地攻击者可以利用漏洞删除任意系统文件。 问题是Total Commander处理恶意构建的RAR文件存在问题,由于输入验证问题,可导致删除或者破坏系统文件,造成拒绝服务攻击。 Total Commander Total Commander 升级程序: Total Commander Total Commander 0 Total Commander Total Commander 6.56 http://www.ghisler.com/download.htm...
Php Download Download.PHP目录遍历漏洞
Php Download是一款基于PHP的WEB应用程序,如提供下载管理。 Php Download不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限查看系统文件内容。 问题是由于'Download.PHP'脚本对用户提交的WEB参数缺少过滤,提交包含多个"../"字符作为参数数据,可绕过WEB ROOT限制,以WEB进程权限查看系统文件内容。 Php download http://www.threesquared.net/index.php?page=portfolio&i=dllscript...
PHPBB2多个本地文件包含漏洞
PHPBB2是一款基于PHP的论坛程序。 PHPBB2不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞以WEB进程权限查看系统文件内容。 问题是多个脚本对用户提交的WEB参数缺少过滤,提交包含多个"../"字符作为参数数据,可绕过WEB ROOT限制,以WEB进程权限查看系统文件内容。 phpBB2 phpBB2 Plus 2.0.13 + phpBB Group phpBB 2.0.13 + phpBB Group phpBB 2.0.12 http://www.phpbb2.de/...
Mac OS X Panther Internet Connect Local Root Exploit
No description provided by source. Date: 25.07.2004 Author: B-r00t. 2004. Email: B-r00t br00t blueyonder co uk Vendor: Apple Operating System: OSX Panther Possibly Previous Versions. Application: Internet Connect.app Tested: Panther 10.3.4 Internet Connect v1.3 Problem: Internet Connect allows an...
Adobe Version Cue 1.0/1.0.1 Local Root Exploit (OSX)
No description provided by source. !/usr/bin/perl Adobe Version Cue VCNativeOSX: local root exploit. by: vade79/v9 [email protected] fakehalo/realhalo Adobe Version Cue's VCNative program writes data to a log file in the current working directory while running as setuid root. the logfile is formated...
IBM AIX cfgmgr工具本地权限提升及任意文件覆盖漏洞
IBM AIX是一款商业性质的UNIX操作系统。 AIX的cfgmgr工具的实现上存在缓冲区漏洞,本地攻击者可能利用此漏洞提升权限或导致文件覆盖。 如果system组的用户提交了大于长度2K的目录路径字符串做为参数的话,就会触发这个漏洞,导致覆盖任意系统文件或以root用户权限执行任意指令。 IBM AIX 5.3 IBM AIX 5.2 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: ftp://aix.software.ibm.com/aix/efixes/security/cfgmgrifix.tar.Z...
ipcheck.txt
Directory Traversal vulnerability in IPCheck Monitor Server -------------------------------------- Overview A directory traversal vulnerability has been identified in IPCheck Server Monitor Free/Trial/Professional, which may be exploited by potential attackers to retrieve files from the underlyin...
Symantec Brightmail AntiSpam Multiple Vulnerabilities
SUMMARY Multiple vulnerabilities have been reported in Symantec Brightmail AntiSpam. Confidential system information can be read or modified by combining these issues. Risk Impact Medium Remote | Yes ---|--- Local | No Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS...
Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)
Luigi Auriemma Application: Quake 3 engine http://www.idsoftware.com http://www.icculus.org/quake3/ Versions: Quake 3 = 1.32c Icculus.org Quake 3 = revision 803 other derived projects Games: exist many games which use the Quake 3 engine and probably they are all vulnerable but I'm not able and ha...
X7 Chat <= 2.0 (help_file) Remote Commands Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "X7 Chat =2.0 "helpfile" arbitrary local inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "- works regardless of magicquotesgpc settings\r\n"; echo " if avatar...
CVE-2006-1355
avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files...
CVE-2006-1355
avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files...
[Full-disclosure] capi4hylafax insecure manipulation with tmp files
capi4hylafax suite http://freshmeat.net/projects/capi4hylafax/ is addon for hylafax fax server http://www.hylafax.org/ vulnerable: capi4hylafax-01.03.00 /probably others/ in capi4hylafax-01.03.00/src/faxrecv/faxrecv.cpp : ifdef GENERATEDEBUGSFFDATAFILE dwarning DebugSffDataFile == 0; if...