8064 matches found
PHP-Nuke 7.8 - SQL Injection / Remote Command Execution
<?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8 with all security fixes/patches "Downloads","WebLinks" & "YourAccount" modules SQL Injection / remote commands execution exploit yet not tested 7.9, but OK... by rgod site: http://rgod.altervista.org make these changes in php.ini if you have...
Oracle HTTP Server vulnerability
Overview: An unspecified vulnerability in Oracle's HTTP Server (Apache) may allow a remote, unauthenticated attacker to compromise system confidentiality, integrity, and availability. Description: Oracle Application Server and Database Server include Apache as an HTTP server. There is a vulnerabili...
e107 0.6172 - resetcore.php SQL Injection
<?php 0.27 18/10/2005 ---e017xpl.php e107 0.617 resetcore.php SQL Injection & remote code execution all-in-one by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script: allow_call_time_pass_reference = o...
e107 < 0.6172 - 'resetcore.php' SQL Injection
<?php 0.27 18/10/2005 ---e017xpl.php e107 0.617 resetcore.php SQL Injection & remote code execution all-in-one by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script: allow_call_time_pass_reference = on register_globals = on usage: customize fo...
Windows Apache information leak
It's possible to retrieve a file from the CGI-BIN directory by typing the directory name in uppercase: http://127.0.0.1/CGI-BIN/chat.pl...
w-Agora 4.2.0 - quicklist.php Remote Code Execution
<?php --- wagora420xpl.php 13.33 14/10/2005 W-Agora 4.2.0 possibly prior versions Remote commands execution through quicklist.php and/or upload features by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles t...
w-Agora 4.2.0 - 'quicklist.php' Remote Code Execution
<?php --- wagora420xpl.php 13.33 14/10/2005 W-Agora 4.2.0 possibly prior versions Remote commands execution through quicklist.php and/or upload features by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script: allow_call_time_pass_reference = o...
Apache Httpd < 2.0.55 : Malicious CRL off-by-one
An off-by-one stack overflow was discovered in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL)...
Apache Httpd < 2.0.55 : HTTP Request Spoofing
A flaw occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, causing Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server ...
CVE-2005-2963
The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security...
CVE-2005-2963
The CVE-2005-2963 issue affects the mod_auth_shadow Apache module (versions 1.0–1.5 and 2.0) when AuthShadow is enabled. The vulnerability causes shadow authentication to apply to all locations using the require group directive, potentially bypassing other access controls if credentials match /et...
Cyphor <= 0.19 (board takeover) SQL Injection Exploit
No description provided by source. <?php quoted from rgod "1if magic quotes off - SQL Injection:" /str0ke --- cyphor019xpl.php 7.36 08/10/2005 Cyphor 0.19 possibly prior versions SQL injection / board takeover by rgod site: http://rgod.altervista.org make these changes in php.ini if you have...
Utopia News Pro <= 1.1.3 (news.php) SQL Injection Exploit
No description provided by source. <?php bif magic quotes off -SQL INJECTION: /str0ke 3.10 07/10/2005 utopiaxpl.php Utopia News Pro 1.1.3 possibly prior versions SQL Injection / Administrative credentials disclosure by rgod site: http://rgod.altervista.org make these changes in php.ini if you have...
[Full-disclosure] [SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass
Debian Security Advisory DSA 844-1 [email protected] http://www.debian.org/security/ Martin Schulze October 5th, 2005 http://www.debian.org/security/faq ...
Mandrake Linux Security Advisory : apache (MDKSA-2005:130)
Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header which would cause Apache to incorrectly handle and forward the body of the request in a w...
GLSA-200509-12 : Apache, mod_ssl: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200509-12 (Apache, mod_ssl: Multiple vulnerabilities). mod_ssl contains a security issue when 'SSLVerifyClient optional' is configured in the global virtual host configuration (CAN-2005-2700). Also, Apache's httpd includes a PCRE library...
Debian DSA-844-1 : mod-auth-shadow - programming error
A vulnerability in mod_auth_shadow, an Apache module that lets users perform HTTP authentication against /etc/shadow, has been discovered. The module runs for all locations that use the 'require group' directive which would bypass access restrictions controlled by another authorisation mechanism,...
SUSE-SA:2005:046: apache,apache2
The remote host is missing the patch for the advisory SUSE-SA:2005:046 (apache,apache2). A security flaw was found in the Apache and Apache2 web servers which allows a remote attacker to 'smuggle' requests past filters by providing handcrafted header entries. Fixed Apache 2 server packages were...