Lucene search

8064 matches found

Cvelist
added 2007/04/13 6:0 p.m. | 27 views

CVE-2007-2025

Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file...

6.5 AI score | 0.01393 EPSS
Exploits: 0 | References: 6

OSV
added 2007/04/13 5:19 p.m. | 2 views

DEBIAN-CVE-2007-1742

suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...

3.7 CVSS | 6.4 AI score | 0.00172 EPSS
Exploits: 0 | References: 1

Cvelist
added 2007/04/13 5:0 p.m. | 35 views

CVE-2007-1743

suexec in Apache HTTP Server httpd 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vend...

6.5 AI score | 0.01068 EPSS
Exploits: 0 | References: 4

OSV
added 2007/04/13 4:19 p.m. | 3 views

DEBIAN-CVE-2007-1741

Multiple race conditions in suexec in Apache HTTP Server httpd 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that th...

6.2 CVSS | 7.9 AI score | 0.00093 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2007/04/12 11:31 p.m. | 3 views

security flaw

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a...

7.5 CVSS | 7.8 AI score | 0.88357 EPSS
Exploits: 8 | References: 4

securityvulns
added 2007/04/12 12:0 a.m. | 663 views

Critical phpwiki c99shell exploit

Via the PhpWiki 1.3.x UpLoad feature, some hackers from Russia uploaded a php3 or php4 file, installed a backdoor on port 8081, and have access to your whole disk and can take over the server. A URL in the file is http://ccteam.ru/releases/c99shell The uploaded file has a php, php3 or php4 extension and...

1.5 AI score
Exploits: 0

myhack58
added 2007/04/11 12:0 a.m. | 53 views

Vuln Review: Apache Mod_Rewrite Off-by-one Remote Exploit(Win32)-vulnerability warning-the black bar safety net

by axis Date: 2007-04-07 http://www.ph4nt0m.org Last time in irc in the demo another loophole to get the cmd banner, the result is the swan large cattle mistakenly think that this is the vulnerability, then the recent use of leisure time, with a bit of this vulnerability. This vulnerability on...

Exploits: 0

seebug.org
added 2007/04/10 12:0 a.m. | 252 views

Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)

No description provided by source. #!/bin/sh Exploit for Apache mod_rewrite off-by-one (Win32). by axis axis@ph4nt0m http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 1.3.37 2.0 branch: 2.0.46 and 2.0.59...

7.6 CVSS | 9.5 AI score | 0.90024 EPSS
Exploits: 20

exploitpack
added 2007/04/08 12:0 a.m. | 12 views

ScarNews 1.2.1 - sn_admin_dir Local File Inclusion

ScarNews 1.2.1 - sn_admin_dir Local File Inclusion Perl BeyazKurt ScarNews sn_admin_dir Local File Inclusion Exploit D0rk : "Powered by ScarNews v1.2.1" dorka gerenk yok ama nese :p kodlad...m 2 scriptte di.er makinayla uctu : : Str0ke üzme kendini olur böle .eler : Download :...

Exploits: 0

0day.today
added 2007/04/08 12:0 a.m. | 27 views

ScarNews 1.2.1 (sn_admin_dir) Local File Inclusion Exploit

Exploit for unknown platform in category web applications. ScarNews 1.2.1 sn_admin_dir Local File Inclusion Exploit. Perl BeyazKurt ScarNews sn_admin_dir Local File Inclusion Exploit D0...

7.1 AI score
Exploits: 0

0day.today
added 2007/04/08 12:0 a.m. | 50 views

PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] LFI Exploit

Exploit for unknown platform in category web applications. PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] LFI Exploit. !Perl PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] Local File Inclusion Exploit...

7.1 AI score
Exploits: 0

Exploit DB
added 2007/04/08 12:0 a.m. | 28 views

ScarNews 1.2.1 - 'sn_admin_dir' Local File Inclusion

Perl BeyazKurt ScarNews sn_admin_dir Local File Inclusion Exploit D0rk : "Powered by ScarNews v1.2.1" dorka gerenk yok ama nese :p kodlad...m 2 scriptte di.er makinayla uctu : : Str0ke üzme kendini olur böle .eler : Download : http://www.scar4u.de/scripts/scarnews/download.html Coded by elden ele...

7.4 AI score
Exploits: 0

exploitpack
added 2007/04/07 12:0 a.m. | 55 views

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow #!/bin/sh Exploit for Apache mod_rewrite off-by-one (Win32). by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...

7.6 CVSS | 0.7 AI score | 0.90024 EPSS
Exploits: 20

Packet Storm
added 2007/04/07 12:0 a.m. | 61 views

modrewrite-offbyone.txt

#!/bin/sh Exploit for Apache mod_rewrite off-by-one (Win32). by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20 http://www.milw0rm.com/exploits/2237 to successfully exploit the...

7.6 CVSS | 0.1 AI score | 0.90024 EPSS
Exploits: 20

0day.today
added 2007/04/07 12:0 a.m. | 24 views

Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)

Exploit for unknown platform in category remote exploits. Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32). #!/bin/sh Exploit for Apache mod_rewrite off-by-one (Win32). b...

7.1 AI score
Exploits: 0

Exploit DB
added 2007/04/07 12:0 a.m. | 206 views

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

#!/bin/sh Exploit for Apache mod_rewrite off-by-one (Win32). by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20 http://www.milw0rm.com/exploits/2237 to successfully exploit the...

7.6 CVSS | 7.6 AI score | 0.90024 EPSS
Exploits: 20

CVE
added 2007/04/02 11:0 p.m. | 54 views

CVE-2007-1801

CVE-2007-1801 affects sBLOG 0.7.3 Beta. Vulnerability: directory traversal via conf_lang_default in inc/lang.php, allowing remote attackers to cause local file inclusion by injecting PHP sequences into an Apache log file which is then included by inc/lang.php. This can enable arbitrary local file...

7.5 CVSS | 7.2 AI score | 0.0721 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

securityvulns
added 2007/04/01 12:0 a.m. | 49 views

Apache mod_perl resource exhaustion

The PATH_INFO environment variable is used in regular expressions without escaping special characters...

4.3 CVSS | 4.5 AI score | 0.13645 EPSS
Exploits: 0 | Affected Software: 1

myhack58
added 2007/04/01 12:0 a.m. | 13 views

Apache on the file suffix parsing the analysis of use-vulnerability warning-the black bar safety net

More and more websites now use PHP as their main scripting language for building pages, because PHP is powerful and easy to use. The back end usually runs on Apache as the server, and Apache is free; perhaps for that reason, PHP is also becoming more and more popular. Anothe...

7.4 AI score
Exploits: 0

UbuntuCve
added 2007/03/30 12:19 a.m. | 35 views

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...

5 CVSS | 7.3 AI score | 0.13645 EPSS
Exploits: 0 | References: 2