ProfitCode Shopping Cart - Multiple Local/Remote File Inclusion Vulnerabilities

Author: Zer0 Thunder Site : http://www.profitcode.net/ - http://profbiz-cart.sourceforge.net/ Tested on: Windows XP sp2 WampServer 2.0i - There are Cople of pages that has the LFI vuln Vuln c0de : dl-authcontent.php $returlvar = "dloads"; include "$docroot" . "tplates/usrauthlogin.php"; exit;...

ProfitCode Shopping Cart Multiple LFI/RFI Vulnerabilities

Exploit for unknown platform in category web applications ========================================================= ProfitCode Shopping Cart Multiple LFI/RFI Vulnerabilities ========================================================= Author: Zer0 Thunder Site : http://www.profitcode.net/ -...

SuSE9 Security Update : PHP4 (YOU Patch Number 12049)

This update fixes multiple bugs in php : - several problems in pcre CVE-2007-1660, CVE-2006-7225, CVE-2006-7224, CVE-2006-7226 CVE-2007-1659, CVE-2006-7230 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. CVE-2007-5898 - overly long arguments to the dl function could...

Code injection

Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, and G6 servers with ProLiant Onboard Administrator Powered by LO100i formerly Lights Out 100 3.07 and earlier allows remote attackers to cause a denial of service via unknown vectors...

CVE-2009-1426

CVE-2009-1426 affects HP ProLiant DL/ML 100 Series G5, G5p and G6 servers with ProLiant Onboard Administrator Powered by LO100i (Lights Out 100) 3.07 and earlier. The vulnerability allows remote attackers to cause a denial of service via unknown vectors. No root cause, exploit details, or remedia...

Ruby DL::dlopen could open a library with tainted library name even if $SAFE > 0

DL::dlopen could open a library with tainted library name even if $SAFE 0...

Mandriva Linux Security Advisory : ruby (MDVSA-2008:226)

A denial of service condition was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite loop and crash CVE-2008-3443. A number of flaws were found in Ruby that could allow an attacker ...

Ubuntu Update for ruby1.8 vulnerabilities USN-651-1

Ubuntu Update for Linux kernel vulnerabilities USN-651-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6511.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for ruby1.8 vulnerabilities USN-651-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

CentOS Update for irb CESA-2008:0897 centos4 x86_64

Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2008:0897 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

CentOS Update for irb CESA-2008:0897 centos4 i386

Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2008:0897 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Windows/x86 - Download File (http://skypher.com/dll) + LoadLibrary + Null-Free Shellcode (164 bytes)

Windows/x86 - Download File http://skypher.com/dll + LoadLibrary + Null-Free Shellcode 164 bytes. Shellcode exploit for Windowsx86 platform. Tags: Metas... ; Copyright c 2009-2010, Berend-Jan "SkyLined" Wever ; Project homepage: http://code.google.com/p/w32-dl-loadlib-shellcode/ ; All rights...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters...

CVE-2008-5565

Cross-site request forgery CSRF vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters...

CVE-2008-5565

CVE-2008-5565 is a CSRF vulnerability in DL PayCart 1.34 and earlier, where an attacker can cause an admin password change by triggering a logout action with the parameters NewAdmin, NewPass1, and NewPass2 in admin/settings.php. Root cause is CSRF in the admin settings workflow; impact is partial...

DL PayCart 1.34 Password Changer

=== LIVE === » removed... === Greetz === » ALLAH » Tornado2800 » B13 » AFSHIN-ZARBAT » QU1E » Hussain-X //Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. :- //ALLAH,forgimme... / errorreportingEALL; $G4N0K =...

DL PayCart 1.34 - Admin Password Changing

=== LIVE === » removed... === Greetz === » ALLAH » Tornado2800 » B13...

DL PayCart <= 1.34 Admin Password Changing Exploit

Exploit for unknown platform in category web applications ================================================== DL PayCart = 1.34 Admin Password Changing Exploit ================================================== ?php / ============================================================================== /...

Debian: Security Advisory (DSA-1651-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

irb, ruby security update

CentOS Errata and Security Advisory CESA-2008:0897 Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting...

ruby: missing "taintness" checks in dl module

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...