8737 matches found
Activist Mobilization Platform (AMP) 3.2 - Remote File Inclusion
Activist Mobilization Platform AMP 3.2 - Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV71$2007 --------------------------------------------------------------------------- ECHOADV71$2007 AMP v3.2 basepath Remote File Inclusion...
WebCreator 0.2.6-rc3 - 'moddir' Remote File Inclusion
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV74$2007 ------------------------------------------------------------------------------------- ECHOADV74$2007 WebCreator ---------------------------------------------------------- Input passed to the "$moddir"...
Activist Mobilization Platform (AMP) 3.2 - Remote File Inclusion
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV71$2007 --------------------------------------------------------------------------- ECHOADV71$2007 AMP v3.2 basepath Remote File Inclusion Vulnerability...
PHP import_request_variables()函数任意变量覆盖漏洞
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的importrequestvariables函数实现上存在漏洞,远程攻击者可能利用此漏洞控制服务器。 远程攻击者可以利用PHP的importrequestvariables函数覆盖$和$变量(任意php变量),导致执行任意代码。有漏洞代码位于以下文件中: ./ext/standard/basicfunctions.c:PHPFUNCTIONimportrequestvariables ./Zend/zendhash.c:ZENDAPI void...
Tyger Bug Tracking System Multiple Vulnerability
-=--------------------ADVISORY-------------------=- Tyger Bug Tracking System Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Tyger Bug Tracking System -=+ Version: 1.1.3 -=+ Vendor's URL: http://uk.homeunix.org/tyger/cms/ -=+ Platform:...
GLSA-200702-08 : AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200702-08 AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin ha...
security flaw
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 6 and earlier, Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
security flaw
Multiple unspecified vulnerabilities in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 7 and earlier, and Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges,...
security flaw
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
security flaw
Multiple buffer overflows in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 7 and earlier, Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...
SOL7053 - BIND 9 vulnerabilities - Dereferencing freed fetch context and DNSSEC Validation
This Solution describes vulnerability issues reported in BIND where a remote user can cause denial of service conditions by sending specifically crafted packets to the BIND server. The dereferencing freed fetch context issue results from an issue where the named daemon dereferences a freed fetch...
security flaw
Multiple unspecified vulnerabilities in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 7 and earlier, and Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges,...
security flaw
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
security flaw
Multiple buffer overflows in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 7 and earlier, Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...
security flaw
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 6 and earlier, Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
Sun JDK/JRE: Multiple vulnerabilities
Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an...
ebp2x-rfi.txt
+-------------------------------------------------------------------- + + Easy Banner Pro Version 2. = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: Easy Banner Pro Version + Venedor ...........: http://www.phpwebscripts.com...
Kerberos administration daemon may free uninitialized pointers
Overview A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code. Description The MIT krb 5 administration daemon...
SOL6924 - Insertion of special characters in URL path circumvents Accessibility Scope and Access Control Lists
It is possible to bypass the Deny list, configured in the Accessibility Scope section located on the Portal Access: Web Applications: Master Group Settings page, by inserting certain special characters into a URL path. In FirePass version 6.0, this issue also applies to the Deny list configured...
SOL6922 - Decimal-encoded IP address circumvents Accessibility Scope
It is possible to bypass the Deny list configured in the Accessibility Scope section of the Portal Access: Web Applications: Master Group Settings page using a URL with a decimal-encoded IP address. When you log in to the FirePass Webtop, you can enter a URL into the Webtop Address Bar if the...