622 matches found
Elvin BTS 1.2.0 XSS / LFI / SQL Injection
Elvin BTS 1.2.0 Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.org - Script Homepage : http://www.elvinbts.org/ - Google Dork : Powered by Elvin Bug Tracking Server. Elvin BTS suffers from a lot of vulnerabilities 1 SQL Injection 2 Local File Inclusion 3 SQL Injection...
Lighttpd 1.4.23 Code Disclosure
Severe vulnerability in FreeBSD/OSX with Lighttpd 1.4.23 latest version Most httpd daemons are probably vulnerable to this with FreeBSD/OSX as the OS. http://redmine.lighttpd.net/issues/1989 Description If you put a trailing slash / after the .php and that file is a link, it will just display the...
Lighttpd 1.4.23 (BSD/Solaris) - Source Code Disclosure
Lighttpd 1.4.23 BSD/Solaris - Source Code Disclosure Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file...
Lighttpd < 1.4.23 (BSD/Solaris) - Source Code Disclosure
Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symbolic link with appended slash succeeds...
Lighttpd < 1.4.23 Source Code Disclosure Vulnerability (BSD/Solaris bug)
No description provided by source. Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symboli...
Lighttpd 1.4.23 Source Code Disclosure Vulnerability (FreeBSD/OSX bug)
Exploit for multiple platform in category remote exploits ====================================================================== Lighttpd 1.4.23 Source Code Disclosure Vulnerability FreeBSD/OSX bug ====================================================================== Severe vulnerability in...
CVE-2008-6528
NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream...
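NaviCOPA Web Server Remote Heap Overflow and Source Code Disclosure Vulnerabilities
BUGTRAQ ID: 33585 NaviCOPA Web Server is a web server installed on Windows systems that can automatically configure HTTP access. If a remote attacker submits an overly long HTTP GET request to NaviCOPA Web Server, a heap overflow can be triggered, leading to arbitrary code execution; in addition, submitting a specially crafted HTTP request containing a dot character to the server can disclose the source code of PHP scripts. InterVations NaviCOPA Web Server 3.01 Vendor patch: InterVations ------------ The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...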
NaviCOPA Trailing Dot Source Code Disclosure
The version of the NaviCOPA web server software running on the remote host returns the source of scripts hosted on it if the URL ends in a dot '.'. A remote attacker can leverage this issue to view the source code of CGIs and possibly obtain passwords and other sensitive information from this hos...
SuSE Update for mono-web SUSE-SA:2007:002
Check for the Version of mono-web OpenVAS Vulnerability Test $Id: gbsuse2007002.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for mono-web SUSE-SA:2007:002 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
FreeLyrics 1.0 (source.php p) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications ================================================================== FreeLyrics 1.0 source.php p Remote File Disclosure Vulnerability ================================================================== FreeLyrics Remote Source Code Disclosure...
FreeLyrics 1.0 - Remote File Disclosure
FreeLyrics 1.0 - Remote File Disclosure Piker FreeLyrics Remote Source Code Disclosure Vulnerability Affected software: FreeLyrics Vendor: http://lyrics.sourceforge.net/ Risk: Medium http://target/path/source.php?p=FILE PoC: http://target/path/source.php?p=config.php Found by Piker...
A simple php source code disclosure vulnerability excavations-vulnerability warning-the black bar safety net
We know that in ASP the most common issue is SQL injection, but in PHP, when magic_quotes_gpc is on, special characters will be escaped, so even when SQL injection is present it often cannot be used. But PHP has powerful file operation functions, so that we can experience in asp c...
Minigal b13 (index.php list) Remote File Disclosure Exploit
Exploit for unknown platform in category web applications =========================================================== Minigal b13 index.php list Remote File Disclosure Exploit =========================================================== ?php settimelimit0; function findpass$data $pass =...
Ipswitch WhatsUp Professional Multiple Vulnerabilities
The remote web server is affected by multiple flaws. Description : The remote host appears to be running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host is prone to multiple issues...
Ipswitch WhatsUp Professional Multiple Vulnerabilities
Deprecated since it didn SPDX-FileCopyrightText: 2008 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.80068";...
Gentoo Security Advisory GLSA 200804-19 (php-toolkit)
The remote host is missing updates announced in advisory GLSA 200804-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200804-19 (php-toolkit)
The remote host is missing updates announced in advisory GLSA 200804-19. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
myblog-multi.txt
www.BugReport.ir AmnPardaz Security Research Team Title: MyBlog =0.9.8 Multiple Vulnerabilities Vendor: http://crewdesign.co.uk & http://sourceforge.net/projects/myblog Exploit: Available Vulnerable Version: 0.9.8 Impact: High Fix: N/A Original Advisory: www.bugreport.ir/?/49 1. Description:...
Information disclosure
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...