Lucene search

21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2008-7206

Malware in sbrugna...

9.3 CVSS | 6.2 AI score | 0.03527 EPSS
Exploits: 0 | References: 5

Kitploit
added 2020/02/24 11:30 a.m. | 162 views

Liffy - Local File Inclusion Exploitation Tool

LFI Exploitation tool A little python tool to perform Local file inclusion. Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time. Main feature data:// for code...

7.8 AI score
Exploits: 0 | References: 5

Openbugbounty
added 2018/06/13 11:30 p.m. | 6 views

people.aifb.kit.edu Improper Access Control vulnerability

Open Bug Bounty ID: OBB-631737 Description| Value ---|--- Affected Website:| people.aifb.kit.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

Exploits: 0

Hacker One
added 2017/10/20 10:16 a.m. | 22 views

QIWI: apache access.log leakage via long request on https://rapida.ru/

Issue access.log is leaked by attacker who trying send many requests. Explain: Honestly i don't know how the bug is happened, but i guess if the access.log is too large, it will dump some part into the response, and attacker happily get it. Reproduce: 1. Access to https://rapida.ru/search/?q= 2...

6.8 AI score
Exploits: 0

Exploit DB
added 2016/02/18 12:0 a.m. | 35 views

Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting

Exploit Title :Vesta Control Panel " http://victimserver 3. We wait Administrator to read access.log that injected our evil.js 4. We log-in VestaCP via passwo...

7 AI score
Exploits: 0

exploitpack
added 2016/02/18 12:0 a.m. | 17 views

Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting

Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting Exploit Title :Vesta Control Panel " http://victimserver 3. We wait Administrator to read access.log that injected our evil.js 4...

0.2 AI score
Exploits: 0

0day.today
added 2016/02/18 12:0 a.m. | 24 views

Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting

Exploit for php platform in category web applications Exploit Title :Vesta Control Panel " http://victimserve...

7.1 AI score
Exploits: 0

Prion
added 2013/10/27 12:55 a.m. | 35 views

Default configuration

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

7.5 CVSS | 6.2 AI score | 0.00638 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

UbuntuCve
added 2013/10/27 12:55 a.m. | 49 views

CVE-2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

7.5 CVSS | 5.9 AI score | 0.00638 EPSS
Exploits: 1 | References: 2

Cvelist
added 2013/10/27 12:0 a.m. | 19 views

CVE-2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

7.2 AI score | 0.00638 EPSS
Exploits: 1 | References: 5

seebug.org
added 2013/02/28 12:0 a.m. | 686 views

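Nginx 'access.log' Insecure File Permissions Vulnerability

BUGTRAQ ID: 58105 CVE (CAN) ID: CVE-2013-0337 nginx is a very widely used high-performance web server. On Gentoo, /var/log/nginx is world-accessible and the log files in the directory are also world-readable, which can allow unauthorized users to read the log files. 0 Igor Sysoev nginx Vendor patch: Igor Sysoev ----------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://nginx.net/...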

7.5 CVSS | 7.5 AI score | 0.00638 EPSS
Exploits: 1

UbuntuCve
added 2009/12/30 10:30 p.m. | 15 views

CVE-2008-7249

Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

9.3 CVSS | 6.1 AI score | 0.03527 EPSS
Exploits: 0 | References: 1

NVD
added 2009/12/30 10:30 p.m. | 13 views

CVE-2008-7249

Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

9.3 CVSS | 7.6 AI score | 0.03527 EPSS
Exploits: 0 | References: 3

Prion
added 2009/12/30 10:30 p.m. | 9 views

Buffer overflow

Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

9.3 CVSS | 7.9 AI score | 0.13048 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2009/12/30 10:0 p.m. | 19 views

CVE-2008-7249

Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

9.3 CVSS | 7.4 AI score | 0.03527 EPSS
Exploits: 0

Cvelist
added 2009/12/30 10:0 p.m. | 16 views

CVE-2008-7249

Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

7.5 AI score | 0.03527 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2009/04/23 12:0 a.m. | 16 views

Fedora 10 : ntop-3.3.8-3.fc10 (2009-2805)

ls -lh /var/log/ntop/access.log -rw-rw-rw- 1 root root 0 2009-02-04 11:53 /var/log/ntop/access.log Fixed. log world-writable when the --access-log-file option is used. This option is not used in Fedora or Red Hat by default and is not noted in the configuration file. It is, however, noted in the...

5.5 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2009/04/23 12:0 a.m. | 51 views

Fedora 10 : squid-3.0.STABLE13-1.fc10 (2009-1526)

Thu Feb 5 2009 Jonathan Steffan - 7:3.0.STABLE13-1 - upgrade to latest upstream - Thu Jan 29 2009 Henrik Nordstrom - 7:3.0.STABLE12-1 - upgrade to latest upstream - Fri Dec 19 2008 Henrik Nordstrom - 7:3.0.STABLE10-3 - actually include the upstream bugfixes in the build - Fri Dec 19 2008 Henrik...

5 CVSS | 5.4 AI score | 0.77052 EPSS
Exploits: 8 | References: 3

Packet Storm
added 2008/07/31 12:0 a.m. | 25 views

cpg-lfiexec.txt

authenticate; ... 301. // Process language selection if present in URI or in user profile or try 302. // autodetection if default charset is utf-8 303. if !empty$GET'lang' 304. 305. $USER'lang' = ereg"^a-z0-9-$", $GET'lang' ? $GET'lang' : $CONFIG'lang'; 306. 307. 308. if isset$USER'lang' &&...

7.4 AI score
Exploits: 0

Packet Storm
added 2008/03/31 12:0 a.m. | 21 views

jshop-lfi.txt

JShop 1.x-2.x local file include --------------------------------------------------------------------------------------------------------------------- + scripts: Jshop Server 1.x-2.x + + Discovered By : v0l4arrra + + url: www.jshop.co.uk + + dork: "powered by jshop" and also usefull one...

7.4 AI score
Exploits: 0