5286 matches found
[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems
Debian Security Advisory DSA-1645-1 http://www.debian.org/security/ Steve Kemp October 06, 2008 http://www.debian.org/security/faq ...
PHP Web Explorer 0.99b - 'main.php?refer' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/31595/info PHP Web Explorer is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute...
PHP Web Explorer 0.99b - 'edit.php?File' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/31595/info PHP Web Explorer is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute...
Barcode Generator 2.0 - LSTable.php Remote File Inclusion
source: https://www.securityfocus.com/bid/31419/info Barcode Generator is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...
Barcode Generator 2.0 - 'LSTable.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/31419/info Barcode Generator is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in...
Libra File Manager 1.182.0 - fileadmin.php Local File Inclusion
source: https://www.securityfocus.com/bid/31403/info Libra File Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using...
Libra File Manager 1.18/2.0 - 'fileadmin.php' Local File Inclusion
source: https://www.securityfocus.com/bid/31403/info Libra File Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of...
PHP Command Shell, Find Sock
Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless firewalls prevent them from working. The issue this payload takes...
Gentoo Security Advisory GLSA 200402-04 (Gallery)
The remote host is missing updates announced in advisory GLSA 200402-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DSA-1639-1 : twiki - command execution
It was discovered that twiki, a web-based collaboration platform, didn't properly sanitize the image parameter in its configuration script. This could allow remote users to execute arbitrary commands upon the system, or read any files which were readable by the webserver user. ...
cyask 3.x Local File Inclusion Vulnerability
This vulnerability allows an attacker to read any file on your webserver when cyask is installed. The $neturl variable in collect.php is not sufficiently checked. When the attacker registers a new user, he can pass the user check and then submit any filename to $neturl so that collect.php ca...
DSA-1639-1 twiki - command execution
Bulletin has no description...
CYASK 3.x - 'neturl' Local File Disclosure
This vulnerability allows an attacker to read any file on your webserver when cyask is installed. The $neturl variable in collect.php is not sufficiently checked. When the attacker registers a new user, he can pass the user check and then submit any filename to $neturl so that collect.php ca...
cyask-disclose.txt
This vulnerability allows an attacker to read any file on your webserver when cyask is installed. The $neturl variable in collect.php is not sufficiently checked. When the attacker registers a new user, he can pass the user check and then submit any filename to $neturl so that collect.php ca...
CYASK 3.x (collect.php neturl) Local File Disclosure Vulnerability
No description provided by source. This vulnerability allows an attacker to read any file on your webserver when cyask is installed. The $neturl variable in collect.php is not sufficiently checked. When the attacker registers a new user, he can pass the user check and then submit any filenam...
CYASK 3.x (collect.php neturl) Local File Disclosure Vulnerability
Exploit for unknown platform in category web applications. CYASK 3.x collect.php neturl Local File Disclosure Vulnerability. This vulnerability leads to that the...
Jaw Portal 1.2 - index.php Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/31099/info Jaw Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using...
Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/31099/info Jaw Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to execute arbitrary local PHP scripts...
XHP CMS Version <= 0.5 File Upload Vulnerability
The remote webserver is hosting a PHP script which is vulnerable to an unrestricted file upload flaw. Description : XHP CMS is installed on the remote system. The installed application does not authenticate users to access the FileManager scripts located at:...
GoAhead WebServer Script Source Code Disclosure
A vulnerable version of GoAhead Webserver is running on the remote host. Description : GoAhead Webserver is installed on the remote system. It's an open-source webserver, which is capable of hosting ASP pages, and installation on multiple operating systems. The version installed is vulnerable to...