1512 matches found
Mbedthis AppWeb 2.2.2 - URL Protocol Format String
source: https://www.securityfocus.com/bid/24454/info Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. This issue affects only applications th...
FreeBSD : snort -- DCE/RPC preprocessor vulnerability (afdf500f-c1f6-11db-95c5-000c6ec775d9)
A IBM Internet Security Systems Protection Advisory reports : Snort is vulnerable to a stack-based buffer overflow as a result of DCE/RPC reassembly. This vulnerability is in a dynamic-preprocessor enabled in the default configuration, and the configuration for this preprocessor allows for...
CVE-2006-6511
The CVE-2006-6511 entry concerns the product dadaIMC .99.3, where an insufficiently restrictive FilesMatch directive in the installed .htaccess allows remote attackers to execute arbitrary PHP code. Specifically, uploaded files whose names contain any of the words: feature, editor, newswire, othe...
FreeBSD : proftpd -- Remote Code Execution Vulnerability (cca97f5f-7435-11db-91de-0008743bf21a)
FrSIRT reports : A vulnerability has been identified in ProFTPD, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a buffer overflow error in the 'main.c' file where the 'cmdbufsize' size of the buffer used to handle FTP commands...
With robots. txt explore Google Baidu hidden secrets-loopholes warning-the black bar safety net
Search engine through a program robot, also known as spider will automatically visit web pages on the Internet and obtain web page information. However, if the site of some of the information don't want to be someone else searched, 可以创建一个纯文本文件robots.txt and put in the root directory of the site...
CVE-2006-4684
The docutils module in Zope Zope2 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText reST markup, which allows remote attackers to read arbitrary files via a csvtable directive, a different vulnerability than CVE-2006-3458...
PYSEC-2006-8
The docutils module in Zope Zope2 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText reST markup, which allows remote attackers to read arbitrary files via a csvtable directive, a different vulnerability than CVE-2006-3458...
phpBypass.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.1.6 / 4.4.4 Critical phpadmin bypass by inirestore Author: Maksymilian Arciemowicz cXIb8O3 Date: - - Written: 05.09.2006 - - Public: 09.09.2006 SecurityAlert Id: 42 CVE: CVE-2006-4625 SecurityRisk: High Affected Software: PHP 5.1.6 / 4.4.4 = x...
CVE-2006-4110
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...
USN-328-1: Apache vulnerability
Mark Dowd discovered an off-by-one buffer overflow in the modrewrite module's ldap scheme handling. On systems which activate "RewriteEngine on", a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code this has not been verified...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
DEBIAN-CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
Default configuration
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)
The ProFTPD release notes states : sean found two format string vulnerabilities, one in modsql's SQLShowInfo directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited. Thes...
FreeBSD : picasm -- buffer overflow vulnerability (8a3ece40-3315-11da-a263-0001020eed82)
Shaun Colley reports : When generating error and warning messages, picasm copies strings into fixed length buffers without bounds checking. If an attacker could trick a user into assembling a source file with a malformed 'error' directive, arbitrary code could be executed with the privileges of t...
FreeBSD : awstats -- arbitrary command execution vulnerability (2df297a2-dc74-11da-a22b-000c6ec775d9)
OS Reviews reports : If the update of the stats via web front-end is allowed, a remote attacker can execute arbitrary code on the server using a specially crafted request involving the migrate parameter. Input starting with a pipe character '|' leads to an insecure call to Perl's open function an...
awstats -- arbitrary command execution vulnerability
OS Reviews reports: If the update of the stats via web front-end is allowed, a remote attacker can execute arbitrary code on the server using a specially crafted request involving the migrate parameter. Input starting with a pipe character "|" leads to an insecure call to Perl's open function and...
Path traversal
Microsoft w3wp aka w3wp.exe does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service resource consumption or crash by repeatedly requesting each of several documents that refer to COM...
[NT] w3wp DoS
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...