1181 matches found
CVE-2008-4995
redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default...
CVE-2008-4995
The CVE-2008-4995 entry concerns bk2site 1.1.9, where a symlink attack against the temporary file /tmp/redirect.log in redirect.pl permits local users to overwrite arbitrary files. The underlying issue is a symlink-based write risk present when the program operates in debug mode (which is disable...
CVE-2008-4955
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/-.pid, 2 /tmp/freevo-gdb, 3 /tmp/freevo-gdb.sh, and 4 /tmp/.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code...
Design/Logic Flaw
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/-.pid, 2 /tmp/freevo-gdb, 3 /tmp/freevo-gdb.sh, and 4 /tmp/.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code...
CVE-2008-4955
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/-.pid, 2 /tmp/freevo-gdb, 3 /tmp/freevo-gdb.sh, and 4 /tmp/.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code...
CA iTechnology iGateway Debug Mode Buffer Overflow
This module exploits a vulnerability in the Computer Associates iTechnology iGateway component. When True is enabled in igateway.conf non-default, it is possible to overwrite the stack and execute code remotely. This module works best with Ordinal payloads. This module requires Metasploit:...
Neat weblog 0.2 (articleId) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================== Neat weblog 0.2 articleId Remote SQL Injection Vulnerability ============================================================== !/usr/bin/perl Neat weblog 0.2 SQL Injection Exploit...
ablog-sqlxss.txt
!/usr/bin/perl A-Blog V.2 Multiple Remote Vulnerabilities SQL Injection Exploit/XSS AUTHOR : IRCRASH Discovered by : Dr.Crash Exploited By : Dr.Crash IRCRASH Team Members : Dr.Crash - Malc0de - R3d.w0rm Script Download : http://heanet.dl.sourceforge.net/sourceforge/a-blog/A-BlogV2.rar XSS Address...
DWR debug mode is enabled
This gives a potential attacker lots of information about available AJAX request handlers in Confluence...
DWR debug mode is enabled
This gives a potential attacker lots of information about available AJAX request handlers in Confluence...
CVE-2007-3494
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...
CVE-2007-3494
CVE-2007-3494 affects Papoo CMS 3.6 and possibly earlier. The vulnerability stems from a missing privilege check in backend administration plugin access (via interna/plugin.php and a devtools/templates/newdump_backend.html argument), enabling remote authenticated users to perform actions beyond t...
CVE-2007-1964
member.php in MyBB aka MyBulletinBoard, when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a dolostpw action, which prints the change password verification code in the...
CVE-2007-1964
member.php in MyBB aka MyBulletinBoard, when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a dolostpw action, which prints the change password verification code in the...
CVE-2007-1964
member.php in MyBB aka MyBulletinBoard, when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a dolostpw action, which prints the change password verification code in the...
CVE-2007-1964
The CVE-2007-1964 issue affects MyBB (MyBulletinBoard) via member.php. When debug mode is enabled, remote authenticated users can change any account’s password by sending a do_lostpw request with the target’s registered email, and the debug output prints the change-password verification code. Acc...
mybb-exec.txt
!/usr/bin/php escapestring. They don't corrected the function this is a choice ... the bad and they forgot to correct 1 only SQL request. They must correct the problem at the source = if$argc URL: http://www.acid-root.new.fr/ -----------------------------------------------------------------------...
Mybb Change Password Vulnerability
Hello,, Mybb Change Password Vulnerability Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] If You Can Use the debug mode you will be able to change the password for and user by knowing the registered email address Enter the...
debug217_php.txt
INSERT INTO \w?regantispam \regid,regcode,ipaddress,ctime\ VALUES\'\w32?',\d?,/', $page, $regs $prefix = $regs1; $regid = $regs2; $regcode = $regs3; else $suffix = "&debug=1"; $curl = curlinit$site.'act=Reg&CODE=10'.$suffix; curlsetopt$curl, CURLOPTPROXY, $proxy; curlsetopt$curl,...
Invision Power Board <= 2.1.7 (Debug) Remote Password Change Exploit
No description provided by source. ?php / Debug Mode password change vulnerability Affects Invision Power Borard 2.0.0 to 2.1.7 by Rapigator This works if: "Debug Level" is set to 3 or Enable SQL Debug Mode is turned on In General Configuration of the forum software. / // The forum's address up t...