7696 matches found
phpQuestionnaire 3.12 - 'phpQRootDir' Remote File Inclusion
SolpotCrew Community phpQuestionnaire 3.12 GLOBALSphpQRootDir Remote File Inclusion vendor : http://www.chumpsoft.com/products/phpq/ Bug Found By :Solpot a.k.a k. Hasibuan 21-09-2006 contact: [email protected] Website : http://www.nyubicrew.org/adv/solpot-adv-08.txt Greetz: choi , h4ntu ,...
CVE-2006-4803
The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allow local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."...
phpQuiz 0.1 (pagename) Remote File Include Vulnerability
No description provided by source. SolpotCrew Community phpQuiz v0.01 design and coding by Jule Slootbeek pagename Remote File Inclusion Download file : http://www.furor-normannicus.de/phpQuiz/download/phpQuiz.zip Bug Found By :Solpot a.k.a k. Hasibuan 14-09-2006 contact: [email protected]...
phpQuiz v0.01 design and coding by Jule Slootbeek (pagename) Remote File Inclusion
SolpotCrew Community phpQuiz v0.01 design and coding by Jule Slootbeek pagename Remote File Inclusion Download file : http://www.furor-normannicus.de/phpQuiz/download/phpQuiz.zip Bug Found By :Solpot a.k.a k. Hasibuan 14-09-2006 contact: [email protected] Website :...
PHP-Fusion extract() Global Variable Overwriting
The version of PHP-Fusion on the remote host supports registering variables from user-supplied input in the event that PHP's 'register_globals' setting is disabled, which is the default in current versions of PHP. Unfortunately, the way that this has been implemented in the version on the remote...
PmWiki < 2.1.21 Global Variables Overwriting
The version of PmWiki installed on the remote host contains a programming flaw in 'pmwiki.php' that may allow an unauthenticated remote attacker to overwrite global variables used by the application, which could in turn be exploited to execute arbitrary PHP code on the affected host, subject to t...
hlstats -- multiple cross site scripting vulnerabilities
Kefka reports multiple cross site scripting vulnerabilities within hlstats. The vulnerabilities are caused due to improper checking of variables, allowing an attacker to perform cross site scripting...
comcomprofiler.txt
--------------------------------------------------------------------------- Mambo/Joomla com_comprofiler Components == v1.0 RC 2 Multiple Remote File Include Vulnerabilities --------------------------------------------------------------------------- Author : Matdhule Date : August, 25th 2006...
Bigace 1.8.2 (GLOBALS) Remote File Inclusion
Author : Vampire Location : Iran - Tehran HomePage : http://www.hackerz.ir Email : Vampirechiristofatyahoodotcom Critical Level : Dangerous ------------------------------------------------------------------------ --------------- Affected Software Description: Application : Bigace version : 1.8.2...
psraptor.txt
#!/bin/sh $Id: raptor_ucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptor_ucbps - information leak with Solaris /usr/ucb/ps Copyright (c) 2006 Marco Ivaldi A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged local users the ability to see environment variables and the...
CVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...
DEBIAN-CVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...
Solaris 8/9 - /usr/ucb/ps Local Information Leak
Solaris 8/9 - /usr/ucb/ps Local Information Leak #!/bin/sh $Id: raptor_ucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptor_ucbps - information leak with Solaris /usr/ucb/ps Copyright (c) 2006 Marco Ivaldi A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged local users the...
Solaris 8 / 9 (/usr/ucb/ps) Local Information Leak Exploit
No description provided by source. #!/bin/sh $Id: raptor_ucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptor_ucbps - information leak with Solaris /usr/ucb/ps Copyright (c) 2006 Marco Ivaldi [email protected] A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged...
Solaris 8/9 - '/usr/ucb/ps' Local Information Leak
#!/bin/sh $Id: raptor_ucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptor_ucbps - information leak with Solaris /usr/ucb/ps Copyright (c) 2006 Marco Ivaldi A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged local users the ability to see environment variables and the...
Solaris 8 / 9 (/usr/ucb/ps) Local Information Leak Exploit
Exploit for solaris platform in category local exploits ========================================================== Solaris 8 / 9 (/usr/ucb/ps) Local Information Leak Exploit ========================================================== #!/bin/sh $Id: raptor_ucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $...
SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting
The installed version of SquirrelMail allows for restoring expired sessions in an unsafe manner. Using a specially crafted expired session and compose.php, a user can leverage this issue to take control of arbitrary variables used by the affected application, which can lead to other attacks again...
CVE-2006-4019
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users...
CVE-2006-4019
CVE-2006-4019 affects SquirrelMail up to version 1.4.7, where a dynamic variable evaluation flaw in compose.php can allow an attacker to overwrite variables used by the script and influence actions, potentially reading/writing attachments and other users’ preferences. The issue stems from unsafe ...
CVE-2006-4019
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users...