5285 matches found
Remote Code Execution in Knowledge Builder.
"Knowledge Builder" from www.activecampaign.com allows code to be executed. Example: Create the following file on your webserver: ----index.php---- ? system$cmd; ? ----------------- And then type in the following URL:...
PY Software Active Webcam 4.3 - WebServer Directory Traversal
source: https://www.securityfocus.com/bid/9260/info It has been reported that Active Webcam webserver may be prone to a directory traversal vulnerability that may allow a remote attacker to gain access to sensitive information, which m...
PY Software Active Webcam 4.3 - WebServer Directory Traversal
source: https://www.securityfocus.com/bid/9260/info It has been reported that Active Webcam webserver may be prone to a directory traversal vulnerability that may allow a remote attacker to gain access to sensitive information, which may be used to launch further attacks against a vulnerable...
Server side scripts viewing in Goahead webserver <= 2.1.7
Luigi Auriemma Application: Goahead webserver http://12.129.4.11/webserver/webserver.htm Versions: <= 2.1.7 Platforms: multiplatform Bug: source code viewing of server side script files Risk: low/medium Exploitation: easy via browser Date: 17 Dec 2003 Author: Luigi Auriemma e-mail:...
FAT32 directory auth bypass on Linux Abyssws < 1.2
Luigi Auriemma Application: Abyss webserver http://www.aprelium.com Versions: minors than 1.2 Platforms: Linux version only Bug: Bypassing of password protected folders authorization on FAT32 filesystems Risk: medium but rarely users use Linux to run a webserver on a FAT32 partition Exploitation:...
Abyss webserver FAT partition protection bypass
Under linux, it's possible to access protected located on FAT partition by appending dot to filename...
surfboard-1.1.8.txt
Luigi Auriemma Application: Surfboard webserver http://surfd.sourceforge.net Versions: From the website: "Surfboard is a trivial web server, written by Meredydd Luff." ======= 2 Bugs ======= Directory traversal ------------------- The webserver checks the dot-dot pattern only if there is a '?' in...
Surfboard <= 1.1.8 vulns
Luigi Auriemma Application: Surfboard webserver http://surfd.sourceforge.net Versions: <= 1.1.8 Platforms: nix Bugs: possibility to view all the files in the system and resources consumption Risk: medium/high Exploitation: remote/easy Date: 01 Dec 2003 Author: Luigi Auriemma e-mail:...
My_eGallery Module 3.1.1 - Remote File Inclusion Command Injection
source: https://www.securityfocus.com/bid/9113/info A problem has been identified in the handling of input by MyeGallery. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the vulnerable software. MyeGallery exploit Spawn bash style Shell with...
Opera 7.22 File Creation and Execution Exploit (Malicious Webserver)
No description provided by source. !/usr/bin/perl Sample code of "Opera 7 Arbitrary File Auto-Saved Vulnerability." This Exploit will run a webserver that will create and execute a batch file on the victim's computer when visiting this malicious server This perl script is a small HTTP server for ...
ncube server manager 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/9004/info nCUBE Server Manager has been reported prone to a directory traversal vulnerability. The issue presents itself likely due to a lack of sufficient sanitization performed on URI parameters. A remote...
telecondex.pl
Hello, Here my Exploit for Bug: http://securityfocus.com/archive/1/342785 : Greetings, Blade. Code for TelCondex-Dos.pl: !/usr/local/bin/perl TelCondex WebServer: Buffer overflow ------------------------------------ Vendor: TelCondex SimpleWebservertc.SimpleWebServer Version: 2.12.30210 Build 328...
Apache::Gallery local webserver compromise, privilege escalation
Greetings, Apache::Gallery http://apachegallery.dk is a free and popular perl module that, in combination with modperl and Apache, provides a powerful and customizable web gallery of your photographs. A::G unfortunately misuses Inline::C to create shared libraries. From the Inline::C documentatio...
TA-2003-07 Denial of Service Attack against Twilight WebServer v1.3.3.0
TA-2003-07 Denial of Service Attack against Twilight WebServer 1.3.3.0 contributed by: rushjo ====================================================================================== Tripbit Security Advisory TA-2003-07 Denial of Service Attack against Twilight WebServer v1.3.3.0...
Twilight WebServer buffer overflow
Buffer overflow on few oversized GET requests...
CCBILL CGI Remote Exploit for whereami.cgi (ccbillx.c)
No description provided by source. / ===================================== CCBILL CGI Remote Exploit for /ccbill/whereami.cgi By: Knight420 7/07/03 spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid C COPYRIGHT Blue Ballz , 2003 all...
CCBILL CGI - ccbillx.c whereami.cgi Remote Code Execution
/ ===================================== CCBILL CGI Remote Exploit for /ccbill/whereami.cgi By: Knight420 7/07/03 spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid C COPYRIGH...
CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Code Execution
/ ===================================== CCBILL CGI Remote Exploit for /ccbill/whereami.cgi By: Knight420 7/07/03 spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid C COPYRIGHT Blue Ballz , 2003 all rights reserved...
Twilight WebServer 1.3.3.0 - GET Buffer Overflow
// source: https://www.securityfocus.com/bid/8181/info It has been reported that Twilight WebServer may be prone to a remote buffer overflow vulnerability. The problem may be present due to a lack of bounds checking performed on incoming GET...
Twilight WebServer 1.3.3.0 - GET Remote Denial of Service
Denial of Service Attack against Twilight Webserver v1.3.3.0 http://www.twilightutilities.com Original author wanted the c code removed. /str0ke use strict; use IO::Socket; sub usage print "Denial of Service Attack against Twilight Webserv...