8064 matches found
DocMGR 0.54.2 - file_exists Remote Command Execution
DocMGR 0.54.2 - file_exists Remote Command Execution works against PHP5, with short_open_tag = On and register_globals = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "The quality of decision is like the well-timed swoop of a falcon which enables it to strike and destroy i...
GLSA-200602-03 : Apache: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200602-03 Apache: Multiple vulnerabilities Apache's mod_imap fails to properly sanitize the 'Referer' directive of imagemaps in some cases, leaving the HTTP Referer header unescaped. A flaw in mod_ssl can lead to a NULL pointer...
RunCMS 1.2 - class.forumposts.php Remote File Inclusion
RunCMS 1.2 - class.forumposts.php Remote File Inclusion ?php ---runcms13axpl.php 17.30 09/02/2006 RunCMS = 1.2 arbitrary remote inclusion exploit " = 1.3a shell upload through FCKEditor coded by rgod site: http://retrogod.altervista.org usage: launch from Apache, fill in requested fields, then go...
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload a short explanation: if a user can call directly http://target/path/editor/filemanager/browser/default/connectors/php/connector.php he can upload malicious content on a target server, including arbitrary php code, and launch...
SPIP 1.8.2g - Remote Command Execution
SPIP 1.8.2g - Remote Command Execution this works regardless of magic_quotes_gpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Fighting with a large army under your command is nowise different from fighting with a small one: it is merely a question of instituting...
SPIP <= 1.8.2g Remote Commands Execution Exploit
Exploit for unknown platform in category web applications ================================================ SPIP this works regardless of magic_quotes_gpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Fighting with a large army under your command is nowise differen...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. mod_imap provides support for server-side image maps; mod_ssl provides secure HTTP connections. Description Apache's mod_imap fails to properly sanitize the "Referer" directive of imagemaps in some cases, leavi...
phpBB 2.0.19 - Style ChangerDemo Mod SQL Injection
phpBB 2.0.19 - Style ChangerDemo Mod SQL Injection !/usr/bin/perl | | | \ | | |/ phpBB Style Changer/Demo Mod--GET HASH EXPLOIT Created By SkOd SED security Team http://www.sed-team.be [email protected] ISRAEL google: "Powered by phpBB" inurl:"index.php?s" OR inurl:"index.php?style" use IO::Socke...
Mandrake Linux Security Advisory : php (MDKSA-2006:028)
Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. CVE-2006-0207 Multiple cross-site...
Clever Copy <= 3.0 Admin Auth Details / Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================================== Clever Copy this works with magic_quotes_gpc = Off usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "While heeding the profit of my counsel, avail...
LoudBlog 0.4 - Remote File Inclusion
LoudBlog 0.4 - Remote File Inclusion LoudBlog 4.0 remote commands execution...
LoudBlog 0.4 - Remote File Inclusion
LoudBlog 4.0 remote commands execution...
CVE-2005-4703
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto...
apache security update
CentOS Errata and Security Advisory CESA-2006:0158-01 Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...
Technical Note by Amit Klein: "XST Strikes Back"
Technical note XST Strikes Back or perhaps "Return from the Proxy"... Amit Klein, January 2006 Introduction ============ About three years ago, the concept of "Cross Site Tracing" 1 was introduced to the web application security community. In essence, the classic XST is about amplifying an existi...
Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)
Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. CVE-2005-3319 A Denial of Service flaw was...
CVE-2006-0254
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer...
Geronimo Console Default Credentials
The remote host appears to be running Geronimo, an open source J2EE server from the Apache Software Foundation. The installation of Geronimo on the remote host uses the default username and password to control access to its administrative console. Knowing these, an attacker can gain control of th...
Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
The remote host appears to be running Geronimo, an open source J2EE server from the Apache Software Foundation. The version of Geronimo installed on the remote host includes a JSP application that fails to sanitize user-supplied input to the 'time' parameter before using it to generate a dynamic...
RHEL 2.1 : apache (RHSA-2006:0158)
Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw in modim...