1181 matches found

UbuntuCve
added 2008/11/07 7:36 p.m. | 30 views

CVE-2008-4995

redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default...

6.9 CVSS | 5.9 AI score | 0.00374 EPSS
Exploits: 1 | References: 1

CVE
added 2008/11/07 7:0 p.m. | 63 views

CVE-2008-4995

The CVE-2008-4995 entry concerns bk2site 1.1.9, where a symlink attack against the temporary file /tmp/redirect.log in redirect.pl permits local users to overwrite arbitrary files. The underlying issue is a symlink-based write risk present when the program operates in debug mode (which is disable...

6.9 CVSS | 6.3 AI score | 0.00374 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2008/11/05 3:0 p.m. | 25 views

CVE-2008-4955

freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/-.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code...

6.2 CVSS | 6.3 AI score | 0.0035 EPSS
Exploits: 1 | References: 4

Prion
added 2008/11/05 3:0 p.m. | 11 views

Design/Logic Flaw

freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/-.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code...

6.2 CVSS | 6.7 AI score | 0.0035 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2008/11/05 2:51 p.m. | 25 views

CVE-2008-4955

freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/-.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code...

6.3 AI score | 0.0035 EPSS
Exploits: 1 | References: 4

Metasploit
added 2008/04/14 2:14 p.m. | 34 views

CA iTechnology iGateway Debug Mode Buffer Overflow

This module exploits a vulnerability in the Computer Associates iTechnology iGateway component. When True is enabled in igateway.conf (non-default), it is possible to overwrite the stack and execute code remotely. This module works best with Ordinal payloads. This module requires Metasploit:...

7.5 CVSS | 7.3 AI score | 0.65615 EPSS
Exploits: 3

0day.today
added 2008/03/31 12:0 a.m. | 41 views

Neat weblog 0.2 (articleId) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. Neat weblog 0.2 articleId Remote SQL Injection Vulnerability. !/usr/bin/perl Neat weblog 0.2 SQL Injection Exploit...

7.1 AI score
Exploits: 0

Packet Storm
added 2008/02/04 12:0 a.m. | 18 views

ablog-sqlxss.txt

!/usr/bin/perl A-Blog V.2 Multiple Remote Vulnerabilities SQL Injection Exploit/XSS AUTHOR : IRCRASH Discovered by : Dr.Crash Exploited By : Dr.Crash IRCRASH Team Members : Dr.Crash - Malc0de - R3d.w0rm Script Download : http://heanet.dl.sourceforge.net/sourceforge/a-blog/A-BlogV2.rar XSS Address...

7.4 AI score
Exploits: 0

Atlassian
added 2007/10/16 1:27 a.m. | 28 views

DWR debug mode is enabled

This gives a potential attacker lots of information about available AJAX request handlers in Confluence...

4 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/10/16 1:27 a.m. | 25 views

DWR debug mode is enabled

This gives a potential attacker lots of information about available AJAX request handlers in Confluence...

4 AI score
Exploits: 0 | Affected Software: 1

NVD
added 2007/06/29 6:30 p.m. | 11 views

CVE-2007-3494

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the templa...

6.8 CVSS | 6.3 AI score | 0.02052 EPSS
Exploits: 0 | References: 7

CVE
added 2007/06/29 6:0 p.m. | 59 views

CVE-2007-3494

CVE-2007-3494 affects Papoo CMS 3.6 and possibly earlier. The vulnerability stems from a missing privilege check in backend administration plugin access (via interna/plugin.php and a devtools/templates/newdump_backend.html argument), enabling remote authenticated users to perform actions beyond t...

6.8 CVSS | 6.3 AI score | 0.02052 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2007/04/11 10:19 a.m. | 18 views

CVE-2007-1964

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the...

6 CVSS | 6.6 AI score | 0.00945 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2007/04/11 10:19 a.m. | 3 views

CVE-2007-1964

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the...

6 CVSS | 5.7 AI score | 0.00945 EPSS
Exploits: 0 | References: 4

Cvelist
added 2007/04/11 10:0 a.m. | 19 views

CVE-2007-1964

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the...

6.6 AI score | 0.00945 EPSS
Exploits: 0 | References: 3

CVE
added 2007/04/11 10:0 a.m. | 53 views

CVE-2007-1964

The CVE-2007-1964 issue affects MyBB (MyBulletinBoard) via member.php. When debug mode is enabled, remote authenticated users can change any account’s password by sending a do_lostpw request with the target’s registered email, and the debug output prints the change-password verification code. Acc...

6 CVSS | 6.6 AI score | 0.00945 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

Packet Storm
added 2007/04/04 12:0 a.m. | 29 views

mybb-exec.txt

!/usr/bin/php escapestring. They don't corrected the function this is a choice ... the bad and they forgot to correct 1 only SQL request. They must correct the problem at the source = if$argc URL: http://www.acid-root.new.fr/ -----------------------------------------------------------------------...

7.4 AI score
Exploits: 0

securityvulns
added 2007/03/30 12:0 a.m. | 63 views

Mybb Change Password Vulnerability

Hello,, Mybb Change Password Vulnerability Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] If You Can Use the debug mode you will be able to change the password for and user by knowing the registered email address Enter the...

7.4 AI score
Exploits: 0

Packet Storm
added 2006/11/03 12:0 a.m. | 17 views

debug217_php.txt

INSERT INTO \w?regantispam \regid,regcode,ipaddress,ctime\ VALUES\'\w32?',\d?,/', $page, $regs $prefix = $regs1; $regid = $regs2; $regcode = $regs3; else $suffix = "&debug=1"; $curl = curlinit$site.'act=Reg&CODE=10'.$suffix; curlsetopt$curl, CURLOPTPROXY, $proxy; curlsetopt$curl,...

7.4 AI score
Exploits: 0

seebug.org
added 2006/11/02 12:0 a.m. | 27 views

Invision Power Board <= 2.1.7 (Debug) Remote Password Change Exploit

No description provided by source. ?php / Debug Mode password change vulnerability Affects Invision Power Board 2.0.0 to 2.1.7 by Rapigator This works if: "Debug Level" is set to 3 or Enable SQL Debug Mode is turned on In General Configuration of the forum software. / // The forum's address up t...

7.1 AI score
Exploits: 0