phpAddEdit 1.3 (editform) Local File Inclusion Vulnerability

No description provided by source. phpaddedit-1.3 LFI Author: nuclear script:http://sourceforge.net/projects/phpaddedit/ vuln:http://target.com/addedit-render.php?editform=../../../../../../../etc/passwd%00 vulnerable code: if !$formname && $GET"editform" $formname = $GET"editform"; ... if...

MySQL privilege escalation

It's possible to specify file of different database in CREATE TABLE...

Oracle数据库服务器CREATE ANY DIRECTORY权限提升漏洞

BUGTRAQ ID: 31738 Oracle是大型的商用数据库系统。 Oracle数据库中存在严重的权限提升漏洞，拥有CREATE ANY DIRECTORY权限的低权限用户可以通过UTLDIR用已知的二进制口令文件直接覆盖隐藏的口令文件获得SYSDBA权限。 Oracle Database 11g Oracle Database 10.2 Oracle Database 10.1 Oracle ------ 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.oracle.com --note windows add...

Oracle Database Server 'CREATE ANY DIRECTORY'特权提升漏洞

BUGTRAQ ID: 31738 CNCAN ID：CNCAN-2008101405 Oracle Database Server是一款大型企业级的数据库服务程序。 Oracle Database Server 'CREATE ANY DIRECTORY'用户特权相关处理存在问题，远程攻击者可以利用漏洞获得SYSDBA特权权限。 通过UTLDIR使用已知两进制密码文件可直接覆盖隐藏的两进制文件，而使拥有CREATE ANY DIRECTORY低权限的用户获得SYSDBA特权。 目前如下链接进行了一定程度的分析目前不能连接：...

createdirectory2sysdba.sql

--note windows adds 0D 0A to end as cTRL LF --WINDOWS VERSION 10.1 DECLARE fi UTLFILE.FILETYPE; bu RAW32767; bu2 varchar232767; bu3 varchar232767; BEGIN...

GdPicture Pro 'gdpicture4s.ocx' ActiveX控件任意文件覆盖漏洞

BUGTRAQ ID:31504 CNCAN ID：CNCAN-2008100305 GdPicture Pro是一款支持多格式的图像管理软件。 GdPicture Pro包含的gdpicture4s.ocx ActiveX控件存在设计错误，远程攻击者可以利用漏洞以应用程序权限覆盖系统文件。 SaveAsPDF方法允许通过sFilePath参数建立和覆盖文件，通过使用其他参数，如sTitle，攻击者可以注入HTML代码，使用hcp://协议执行。GdPicturePro5.Imaging也存在此漏洞。 GdPicture GdPicture Pro GdPicture GdPicture...

Microsoft Rich Textbox ActiveX control SaveFile vulnerability

Added: 10/07/2008 CVE: CVE-2008-0237 BID: 27201 OSVDB: 40234 Background Microsoft Rich Textbox is an ActiveX control which comes with Visual Basic and allows creation of formatted text in RTF files. It is located in the Richtx32.ocx file. Problem The SaveFile method in the Rich Textbox ActiveX...

xen security update

CentOS Errata and Security Advisory CESA-2008:0892 Updated xen packages that resolve a couple of security issues and fix a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The xen packages...

DEBIAN-CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

Privilege escalation

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed wh...

Privilege escalation

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time a...

FreeBSD Ports: mysql-server

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MemHT Portal <= 3.9.0 Remote Create Shell Exploit

Exploit for unknown platform in category web applications ================================================= MemHT Portal = 3.9.0 Remote Create Shell Exploit ================================================= !/usr/bin/perl MemHT Portal = 3.9.0 Perl exploit discovered & written by Ams DESCRIPTION:...

MemHT Portal 3.9.0 - Remote Create Shell

MemHT Portal 3.9.0 - Remote Create Shell !/usr/bin/perl MemHT Portal = 3.9.0 Perl exploit discovered & written by Ams ax330d doggy gmail dot com DESCRIPTION: Script /inc/incstatistics.php accepts unfiltered $COOKIE's, $COOKIE'statsres' which later goes to MySQL request. So we are able to make sql...

GLSA-200809-04 : MySQL: Privilege bypass

The remote host is affected by the vulnerability described in GLSA-200809-04 MySQL: Privilege bypass Sergei Golubchik reported that MySQL imposes no restrictions on the specification of 'DATA DIRECTORY' or 'INDEX DIRECTORY' in SQL 'CREATE TABLE' statements. Impact : An authenticated remote attack...

FreeBSD Ports: frontpage -- cross site scripting vulnerability

The remote host is missing an update to the system as announced in the referenced advisory. VID c0171f59-ea8a-11da-be02-000c6ec775d9 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

hMAilServer 4.4.1 - IMAP Command Remote Denial of Service

source: https://www.securityfocus.com/bid/30663/info hMailServer is prone to a remote denial-of-service vulnerability caused by large numbers of certain IMAP commands. Exploiting this issue will cause the server to crash and deny access to legitimate users. hMailServer 4.4.1 is vulnerable; other...

Debian Security Advisory DSA 1608-1 (mysql-dfsg-5.0)

The remote host is missing an update to mysql-dfsg-5.0 announced via advisory DSA 1608-1. OpenVAS Vulnerability Test $Id: deb16081.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1608-1 mysql-dfsg-5.0 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...

DSA-1608-1 mysql-dfsg-5.0 - authorization bypass

Bulletin has no description...

CVE-2008-3092

SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors...