414 matches found
Mantis Bug Tracker <= 1.1.3 - Remote Code Execution Exploit
No description provided by source. Mantis Bug Tracker <= 1.1.3 manageprojpage.php Remote Code Execution Exploit author...: EgiX...
The Everything Development System <= Pre-1.0 - SQL Injection Vuln
No description provided by source. Application: The Everything Development System Versions: <= Pre-1.0 current version at time of release Author: sub [email protected] Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to...
CVE-2013-1883
Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type...
Design/Logic Flaw
Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type...
DD-WRT 24-sp2 CSRF / Command Injection
DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...
FreeBSD : pycrypto -- vulnerable ElGamal key generation (f45c0049-be72-11e1-a284-0023ae8e59f0)
Dwayne C. Litzenberger of PyCrypto reports: In the ElGamal schemes for both encryption and signatures, g is supposed to be the generator of the entire Z^*_p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^*_p. The result is that the signature...
Joomla! Spam Mail Relay Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Spam Mail Relay Date: 11 Jan 2011 Author: Jeff Channell Software Link: http://www.joomla.org/ Versions: 1.5.22, 1.6.0 Joomla! 1.5.22 & 1.6.0 both allow spam email to be relayed to unsuspecting victims via the core...
Joomla! 1.5.22 1.6.0 - com_mailto Spam Mail Relay
Joomla! 1.5.22 1.6.0 - com_mailto Spam Mail Relay Exploit Title: Joomla! Spam Mail Relay Date: 11 Jan 2011 Author: Jeff Channell Software Link: http://www.joomla.org/ Versions: 1.5.22, 1.6.0 Joomla! 1.5.22 & 1.6.0 both allow spam email to be relayed to unsuspecting victims via the core com_mailto...
Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay
Exploit Title: Joomla! Spam Mail Relay Date: 11 Jan 2011 Author: Jeff Channell Software Link: http://www.joomla.org/ Versions: 1.5.22, 1.6.0 Joomla! 1.5.22 & 1.6.0 both allow spam email to be relayed to unsuspecting victims via the core com_mailto component. Tested using the following URL:...
Joomla! Spam Mail Relay
Exploit Title: Joomla! Spam Mail Relay Date: 11 Jan 2011 Author: Jeff Channell Software Link: http://www.joomla.org/ Versions: 1.5.22, 1.6.0 Joomla! 1.5.22 & 1.6.0 both allow spam email to be relayed to unsuspecting victims via the core com_mailto component. Tested using the following URL:...
EUVD-2010-4319
Directory traversal vulnerability in admin/upgradeunattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dbtype parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP...
EUVD-2010-4318
admin/upgradeunattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid dbtype parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP...
Multiple vulnerabilities in BugTracker.Net
Core Security - CoreLabs Multiple vulnerabilities in BugTracker.Net 1. Advisory Information Title: Multiple vulnerabilities in BugTracker.Net Advisory Id: CORE-2010-1109 Advisory URL: http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker Date published: 2010-11-30 Date of last...
DEBIAN-CVE-2010-3070
Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...
OpenX <= 2.8.1 execute arbitrary PHP code-exploits warning-the black bar safety net
Test method: OpenX adserver version 2.8.1 and lower is vulnerable to remote code execution. To be exploited, this vulnerability requires banner / file upload permissions, such as granted to the 'advertiser' and 'administrator' roles. This vulnerability is caused by the insecure file upload...
OpenX <= 2.8.1 Arbitrary PHP Code Execution
No description provided by source. OpenX adserver version 2.8.1 and lower is vulnerable to remote code execution. To be exploited, this vulnerability requires banner / file upload permissions, such as granted to the 'advertiser' and 'administrator' roles. This vulnerability is caused by the...
Fedora 10 : proftpd-1.3.2b-1.fc10 (2009-11666)
This update fixes CVE-2009-3639, in which proftpd's modtls, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate. This allows remote attackers to bypass intended...
mantis-exec.txt
Mantis Bug Tracker <= 1.1.3 manageprojpage.php Remote Code Execution Exploit author...: EgiX mail.....: n0b0d13satgmaildotcom...
Mantis Bug Tracker <= 1.1.3 Remote Code Execution Exploit
No description provided by source. Mantis Bug Tracker <= 1.1.3 manageprojpage.php Remote Code Execution Exploit author...: EgiX...
Mantis Bug Tracker 1.1.3 - Remote Code Execution
Mantis Bug Tracker 1.1.3 - Remote Code Execution Mantis Bug Tracker <= 1.1.3 manageprojpage.php Remote Code Execution Exploit...