5988 matches found
DEBIAN-CVE-2007-0254
Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors...
MOAB-09-01-2007.rb.txt
!/usr/bin/ruby c 2006 LMH . require 'fileutils' require 'zlib' hdiutil = "/usr/bin/hdiutil" dmgname = ARGV0 || "MOAB-09-01-2007.dmg" dmgsize = ARGV1 || "200k" filesys = ARGV2 || "UFS" volname = "" 255.times do volname i = Kernel.rand62; i += i 10 ? 48 : i 36 ? 55 : 61 .chr end FileUtils.rmfdmgnam...
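Cacti Copy_Cacti_User.PHP SQL Injection Vulnerability
Cacti is a PHP-based web application. Cacti does not properly filter user-submitted input, so a remote attacker can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information. The problem is that the 'CopyCactiUser.PHP' script lacks filtering of user-submitted web parameters; submitting malicious script code as parameter data can lead to disclosure of sensitive information. Cacti Cacti 0.8.6i No solution is currently available: http://cacti.net/ ?php printr' --------------------------------------------------------------------------- Cacti 0.8.6i...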
Cacti 0.8.6i (copy_cacti_user.php) SQL Injection Create Admin Exploit
No description provided by source. ?php printr' --------------------------------------------------------------------------- Cacti 0.8.6i "copycactiuser.php" sql injection create new admin exploit by rgod dork: intitle:"login to cacti" mail: retrog at alice dot it site:...
Cacti 0.8.6i (copy_cacti_user.php) SQL Injection Create Admin Exploit
Exploit for unknown platform in category web applications ===================================================================== Cacti 0.8.6i copycactiuser.php SQL Injection Create Admin Exploit ===================================================================== 126 $result.=" ."; else $result.=...
Cacti 0.8.6i - 'copy_cacti_user.php' SQL Injection Create Admin
126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,3.\d1,3:\d1,5\b...
Oracle 9i/10g - extproc Local/Remote Command Execution
Oracle 9i/10g - extproc Local/Remote Command Execution -- -- $Id: raptor_oraextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptor_oraextproc.sql - command exec via oracle extproc -- Copyright (c) 2006 Marco Ivaldi -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g -- allo...
CVE-2006-6259
Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/mbro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" fiel...
PT-2006-6644
Name of the Vulnerable Software and Affected Versions: DirectAdmin version 1.28.1. Description: The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved through various parameters and commands, including the user parameter to CMD_SHOW_RESELLER or CMD...
MDaemon mail server weak permissions
Installation folder allows User group to create files, making it possible to spoof system DLLs with local ones...
openexec_createfile.pl.txt
!/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom \n\nTargets:\n\n"; foreach $key sortkeys %tgts $a,$b = split/:/,$tgts"$key"; print "\t$key . $a\n"; print "\n"; exit 1; $ret = pack"l", $retval; $a,$b = split/:/,$tgts"$target"; print " Target: $a $b\n";...
FreeWebshop.org Script <= 2.2.2 Multiple Remote Vulnerabilities
Product: www.freewebshop.org Version: 2.2.x, maybe lower Critical Lvl : Highly critical Where : From Remote Exploits: Bypass Login: username:admin password:' or 'a'='a Read Files: /index.php?page=info&action=../../../../../../../../../../../../etc/passwd00 List Passwords:...
FreeWebshop.org Script <= 2.2.2 Multiple Remote Vulnerabilities
No description provided by source. Product: www.freewebshop.org Version: 2.2.x, maybe lower Critical Lvl : Highly critical Where : From Remote Exploits: Bypass Login: username:admin password:' or 'a'='a Read Files: /index.php?page=info&action=../../../../../../../../../../../../etc/passwd%00 List...
FreeWebShop.org script 2.2.2 - Multiple Vulnerabilities
FreeWebShop.org script 2.2.2 - Multiple Vulnerabilities Product: www.freewebshop.org Version: 2.2.x, maybe lower Critical Lvl : Highly critical Where : From Remote Exploits: Bypass Login: username:admin password:' or 'a'='a Read Files:...
FreeWebshop.org Script <= 2.2.2 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications =============================================================== FreeWebshop.org Script <= 2.2.2 Multiple Remote Vulnerabilities =============================================================== Product: www.freewebshop.org Version: 2.2.x, may...
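Mozilla Firefox Range Script Object Denial of Service Vulnerability
Firefox is an open-source web browser. A null pointer dereference exists in Firefox's Range object; an attacker who successfully exploits this vulnerability can cause the browser to crash. A Range object can be initialized with the selectNode method, which selects the node to be injected into the Range, or a document fragment can be created with the createContextualFragment method, as shown below: var tagString = "<div>I am a div node</div>"; var range = document.createRange(); range.selectNode(document.getElementsByTagName("div").item(0)); var...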
HostingController6.1.txt
Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories advisory : http://www.kapda.ir/advisory-442.html http://securitytracker.com/alerts/2006/Oct/1017103.html SQLInjection, Command Injection ------- KAPDA::59 - Hosting...
Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability
Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories advisory : http://www.kapda.ir/advisory-442.html http://securitytracker.com/alerts/2006/Oct/1017103.html...
DEBIAN-CVE-2006-5297
Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems...